W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: Privileged context features and JavaScript

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 17 Apr 2015 17:13:28 +0200
Message-ID: <CADnb78jzo_3Z8QGWGiNF7Y3CnyW2gGH8CN1XgSq6UsSsjMcVbg@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Mike West <mkwst@google.com>, Webapps WG <public-webapps@w3.org>, WebAppSec WG <public-webappsec@w3.org>, public-script-coord <public-script-coord@w3.org>
On Fri, Apr 17, 2015 at 4:09 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> I say this because I'm seeing people want to apply this to a variety of
> different APIs which should do a variety of different things in the
> "disabled" state, as far as I can tell.
>
> Am I missing something and there's something more that such an annotation
> could do?

A bunch of the new non-legacy APIs (that is geolocation doesn't count)
have some kind of promise thing you need to get past before things
start working. For those APIs we could have something with normative
language. I don't see how we could make something work for all
possible APIs (unless we do the hiding thing).


-- 
https://annevankesteren.nl/
Received on Friday, 17 April 2015 15:14:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:12 UTC