Re: In what circumstances is "delayed execution" acceptable on the web? from Anne van Kesteren on 2015-11-13 (public-webappsec@w3.org from November 2015)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 13 Nov 2015 08:29:46 +0100
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Jake Archibald <jakearchibald@google.com>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78heUW2Bk2NLR7Csxo4NGwxFwZ6diSEN3uFQw+j3r5bqNg@mail.gmail.com>

On Thu, Nov 12, 2015 at 7:55 PM, Jeffrey Yasskin <jyasskin@google.com> wrote:
> Overall, "get the user's explicit permission" is much more complicated
> than it sounds, and folks who ask for it need to try to answer the
> questions it raises.

Conversely, folks asking for features that go outside of the browser's
assumed sandbox, need to account for how that can be done securely.

-- 
https://annevankesteren.nl/

Received on Friday, 13 November 2015 07:30:20 UTC