W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [MIX] 4.5 User Controls

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 31 Oct 2014 08:50:26 +0100
Message-ID: <CADnb78gGz3yod+5vUEnsYJkBEhBteyvdY9YZzUt_yj-SFx=E=w@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 30, 2014 at 8:43 PM, Brad Hill <hillbrad@gmail.com> wrote:
> Should the subject of this thread reference CSP rather than MIX?

Perhaps. I thought it could be called out here since this is
explicitly talking about user controls.

> I believe we want to leave it that way. (saying nothing and leaving
> this choice to user agents)

Really? That sounds super bad. If my security policy blocks something,
I don't want users to have the option to make themselves vulnerable.

Received on Friday, 31 October 2014 07:50:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:42 UTC