W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] 4.5 User Controls

From: Brad Hill <hillbrad@gmail.com>
Date: Thu, 30 Oct 2014 12:43:13 -0700
Message-ID: <CAEeYn8hXw9QZBhNQJ_Kn_O8C4-ADdMKBG_p6gvNbG9L-34nbTQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>
Should the subject of this thread reference CSP rather than MIX?

CSP currently says nothing normative about user controls, except what
you might infer from the note about processing bookmarklets, etc. in
http://www.w3.org/TR/CSP2/#processing-model.

I believe we want to leave it that way. (saying nothing and leaving
this choice to user agents)

On Thu, Oct 30, 2014 at 7:11 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Thu, Oct 30, 2014 at 3:03 PM, Mike West <mkwst@google.com> wrote:
>> What do you mean? What controls do folks want for CSP that we're not
>> offering?
>
> When I explained CSP to people they thought it was similar to Mixed
> Content and could be overridden by the end user. It might be
> worthwhile to point out in the specification that won't happen.
>
>
> --
> https://annevankesteren.nl/
>
Received on Thursday, 30 October 2014 19:43:41 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC