- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 2 Jul 2015 10:45:58 +0200
- To: Mike West <mkwst@google.com>
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, Yan Zhu <yzhu@yahoo-inc.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jul 2, 2015 at 9:53 AM, Mike West <mkwst@google.com> wrote: > On Thu, Jul 2, 2015 at 9:32 AM, Mike West <mkwst@google.com> wrote: >> It's not clear to me how far we ought to go to prevent developers from >> doing this kind of thing. My intuition is that walking the ancestor chain is >> enough, and that popups are annoying enough for everyone involved to avoid. >> What do you think? > > I now remember that I had a similar conversation with Ian a while back: > https://www.w3.org/Bugs/Public/show_bug.cgi?id=27190. See also https://lists.w3.org/Archives/Public/public-webappsec/2015Jun/0067.html about making secure contexts an actual guarantee by tying it to origins. As long as we don't do that, things will leak. E.g. assume B has a service worker. Now B is embedded in non-secure A. Does the service worker run? It's not entirely clear to me that doing this half-assed ancestor check is buying us much in a world with workers, multiple windows, etc. We'll defeat the Netflix workaround, but the moment Netflix adds a shared worker they're golden again. -- https://annevankesteren.nl/
Received on Thursday, 2 July 2015 08:46:22 UTC