W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: Strict mixed content checking (was Re: MIX: Exiting last call?)

From: Mike West <mkwst@google.com>
Date: Tue, 20 Jan 2015 12:52:21 +0100
Message-ID: <CAKXHy=eN11iY=GcVKQKJBZtuYfW1W36od7i_R8gADGhyB+-W1w@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: David Walp <David.Walp@microsoft.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Michael Cooper <cooper@w3.org>
On Mon, Jan 19, 2015 at 8:27 PM, Mike West <mkwst@google.com> wrote:

> I'd like to suggest that you rename the directive to
>> "no-mixed-content". I think "checking" in the name doesn't aid in
>> comprehension and is just noise. I also think "no" would be clearer
>> than "strict" in conveying the effects to a web developer who hasn't
>> read the spec.
>>
>
> Sounds reasonable.
>
> Any objections? Going once... going twice...
>

While typing it, I realized that "no-mixed-content" could be interpreted as
"No, we're not checking mixed content. Everything's wonderful with these
insecure resources!"

I've run with "block-all-mixed-content" instead:
https://github.com/w3c/webappsec/commit/d9907898755234c3d3967e56227a9fd3ab480ef3.
Hopefully that's unambiguous.

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 20 January 2015 11:53:13 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC