W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2015

Re: In what circumstances is "delayed execution" acceptable on the web?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 13 Nov 2015 08:29:46 +0100
Message-ID: <CADnb78heUW2Bk2NLR7Csxo4NGwxFwZ6diSEN3uFQw+j3r5bqNg@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Jake Archibald <jakearchibald@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Nov 12, 2015 at 7:55 PM, Jeffrey Yasskin <jyasskin@google.com> wrote:
> Overall, "get the user's explicit permission" is much more complicated
> than it sounds, and folks who ask for it need to try to answer the
> questions it raises.

Conversely, folks asking for features that go outside of the browser's
assumed sandbox, need to account for how that can be done securely.


-- 
https://annevankesteren.nl/
Received on Friday, 13 November 2015 07:30:20 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:16 UTC