W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: Strict mixed content checking (was Re: MIX: Exiting last call?)

From: Mike West <mkwst@google.com>
Date: Tue, 20 Jan 2015 12:52:21 +0100
Message-ID: <CAKXHy=eN11iY=GcVKQKJBZtuYfW1W36od7i_R8gADGhyB+-W1w@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: David Walp <David.Walp@microsoft.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Michael Cooper <cooper@w3.org>
On Mon, Jan 19, 2015 at 8:27 PM, Mike West <mkwst@google.com> wrote:

> I'd like to suggest that you rename the directive to
>> "no-mixed-content". I think "checking" in the name doesn't aid in
>> comprehension and is just noise. I also think "no" would be clearer
>> than "strict" in conveying the effects to a web developer who hasn't
>> read the spec.
> Sounds reasonable.
> Any objections? Going once... going twice...

While typing it, I realized that "no-mixed-content" could be interpreted as
"No, we're not checking mixed content. Everything's wonderful with these
insecure resources!"

I've run with "block-all-mixed-content" instead:
Hopefully that's unambiguous.

Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 20 January 2015 11:53:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC