Re: [powerful-features] Use of the active document in defining a secure context is fishy from Mike West on 2015-07-02 (public-webappsec@w3.org from July 2015)

From: Mike West <mkwst@google.com>
Date: Thu, 2 Jul 2015 09:53:24 +0200
To: Boris Zbarsky <bzbarsky@mit.edu>, Yan Zhu <yzhu@yahoo-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=dQz-5OMi5vF6e_Zcba1d1JmtW58zJMocVWs7CGHU6zyQ@mail.gmail.com>

On Thu, Jul 2, 2015 at 9:32 AM, Mike West <mkwst@google.com> wrote:

> It's not clear to me how far we ought to go to prevent developers from
> doing this kind of thing. My intuition is that walking the ancestor chain
> is enough, and that popups are annoying enough for everyone involved to
> avoid. What do you think?
>

I now remember that I had a similar conversation with Ian a while back:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27190.

-mike

Received on Thursday, 2 July 2015 07:54:12 UTC