- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Mon, 9 Feb 2015 08:57:19 -0800
- To: Jim Manico <jim.manico@owasp.org>
- Cc: Mike West <mkwst@google.com>, Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Isn't one explicit motivation for sub-origins the limitations of sandbox bought up here? See intro section in https://metromoxie.github.io/webappsec/specs/suborigins/. Maybe it might be enough to support the ad and third party widget use cases too. cheers Dev On 9 February 2015 at 04:27, Jim Manico <jim.manico@owasp.org> wrote: >> It would be great > to hear from you and others about why it is unrealistic now. > > If you want to get premium-level compensation from some ad providers > then you need to give them full DOM access. This "goes away" in a > world where ads are fully sandboxed or not allowed DOM access. > > I am just wondering is the end game to shut this down or perhaps > provide a more flexible sandbox? I am hoping a flexible sandbox is the > end game. > > If there is a configurable ad-friendly web standard for DOM accessible > advertising, please point me in the direction. > > Aloha, > -- > Jim Manico > @Manicode > (808) 652-3805 > >> On Feb 9, 2015, at 12:55 PM, Mike West <mkwst@google.com> wrote: >> >> It would be great >> to hear from you and others about why it is unrealistic now. >
Received on Monday, 9 February 2015 16:58:16 UTC