W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [CSP] Geotargetting?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 9 Jan 2015 10:32:03 +0100
Message-ID: <CADnb78hQ2ua-x-Fggb1FLmkcgE6=B36m-fN9ce=d=2JV7cXigg@mail.gmail.com>
To: Jacob Bednarz <jacob.bednarz@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Jan 9, 2015 at 9:19 AM, Jacob Bednarz <jacob.bednarz@gmail.com> wrote:
> Is there any other approach I could take with this? Or is there something I
> have blindly missed? If there is not a solution currently in place, is this
> something worth looking at trying to implement or is this an edge case that
> wouldn't benefit being added to the spec?

It's difficult. E.g. if you whitelist google.co*, what about
google.co.evil.com? Or google.co.kitchen? It seems best to enumerate
the domains you trust.

Received on Friday, 9 January 2015 09:32:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC