- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 9 Jan 2015 10:32:03 +0100
- To: Jacob Bednarz <jacob.bednarz@gmail.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Jan 9, 2015 at 9:19 AM, Jacob Bednarz <jacob.bednarz@gmail.com> wrote: > Is there any other approach I could take with this? Or is there something I > have blindly missed? If there is not a solution currently in place, is this > something worth looking at trying to implement or is this an edge case that > wouldn't benefit being added to the spec? It's difficult. E.g. if you whitelist google.co*, what about google.co.evil.com? Or google.co.kitchen? It seems best to enumerate the domains you trust. -- https://annevankesteren.nl/
Received on Friday, 9 January 2015 09:32:30 UTC