W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: [powerful-features] Use of the active document in defining a secure context is fishy

From: Mike West <mkwst@google.com>
Date: Thu, 2 Jul 2015 09:53:24 +0200
Message-ID: <CAKXHy=dQz-5OMi5vF6e_Zcba1d1JmtW58zJMocVWs7CGHU6zyQ@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>, Yan Zhu <yzhu@yahoo-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jul 2, 2015 at 9:32 AM, Mike West <mkwst@google.com> wrote:

> It's not clear to me how far we ought to go to prevent developers from
> doing this kind of thing. My intuition is that walking the ancestor chain
> is enough, and that popups are annoying enough for everyone involved to
> avoid. What do you think?
>

I now remember that I had a similar conversation with Ian a while back:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27190.

-mike
Received on Thursday, 2 July 2015 07:54:12 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC