W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: Strict mixed content checking (was Re: MIX: Exiting last call?)

From: Mike West <mkwst@google.com>
Date: Tue, 20 Jan 2015 13:05:05 +0100
Message-ID: <CAKXHy=fcMOQ9tpX5wk5i832wtugDB30iGa7r7ct4PUSM+oS+zA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Brian Smith <brian@briansmith.org>, David Walp <David.Walp@microsoft.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Michael Cooper <cooper@w3.org>
On Tue, Jan 20, 2015 at 1:01 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Tue, Jan 20, 2015 at 12:52 PM, Mike West <mkwst@google.com> wrote:
> > I've run with "block-all-mixed-content" instead:
> >
> https://github.com/w3c/webappsec/commit/d9907898755234c3d3967e56227a9fd3ab480ef3
> .
> > Hopefully that's unambiguous.
> If there's no difference in meaning with "block-mixed-content" I'd go
> with that instead and reserve "all" for ambiguous cases.

Hrm. *shrug* We already block "blockable" mixed content. Seems like we need
a qualifier to note that we're not only going to continue blocking
blockable mixed content, but that we're not going to give users a choice in
the matter anymore, and we're going to do the same for "optionally
blockable" mixed content.

But, again, weak opinions, weakly held. I'll hold off on changing the spec
again just in case other folks have other opinions, but I'm not totally
averse to making the string shorter.


Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 20 January 2015 12:05:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC