W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Privileged context features and JavaScript

From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Fri, 17 Apr 2015 03:01:01 -0400
Message-ID: <5530AFAD.2010801@mit.edu>
To: Mike West <mkwst@google.com>, Anne van Kesteren <annevk@annevk.nl>
CC: Webapps WG <public-webapps@w3.org>, public-webappsec@w3.org, public-script-coord <public-script-coord@w3.org>
On 4/17/15 2:52 AM, Boris Zbarsky wrote:
> If that preference is toggled, we in fact remove the API entirely, so
> that "'geolocation' in navigator" tests false.

Oh, I meant to mention: this is more web-compatible than having the API 
entrypoints throw, because it can be object-detected.  Of course we 
could have made the API entrypoints just always reject the request 
instead, I guess; removing the API altogether was somewhat simpler to do.

-Boris
Received on Friday, 17 April 2015 07:01:36 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC