
Re: In what circumstances is "delayed execution" acceptable on the web?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 13 Nov 2015 08:29:46 +0100
Message-ID: <CADnb78heUW2Bk2NLR7Csxo4NGwxFwZ6diSEN3uFQw+j3r5bqNg@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Jake Archibald <jakearchibald@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Nov 12, 2015 at 7:55 PM, Jeffrey Yasskin <jyasskin@google.com> wrote:
> Overall, "get the user's explicit permission" is much more complicated
> than it sounds, and folks who ask for it need to try to answer the
> questions it raises.

Conversely, folks asking for features that go outside of the browser's
assumed sandbox need to account for how that can be done securely.

Received on Friday, 13 November 2015 07:30:20 UTC
