- From: David Ross <drx@google.com>
- Date: Mon, 18 Jul 2016 09:00:09 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Monday, 18 July 2016 16:01:04 UTC
The most frequently discussed are the objections around EPR's behavior w.r.t. deep-linking. That is, some nefarious content provider might find EPR to be the most convenient way to block deep linking. I wouldn't say that this is a blocking issue per-se, but with competing priorities it's hard to fight for something where there's at least some active opposition. I also see potential for lower-level isolation technologies to evolve and provide EPR-like functionality. (Things like Firefox Container Tabs, https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/) Dave On Mon, Jul 18, 2016 at 12:30 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Wed, Jul 13, 2016 at 8:42 PM, David Ross <drx@google.com> wrote: > > In any case, EPR has been stalled for other reasons and I'm not going to > > contest the proposed transition. I just hope that it won't be too hard > to > > revive it as necessary in the future. > > Can you elaborate on the other reasons? Although I'm still a little > concerned about the features EPR offers, having isolation against XSS > and XSRF does seem like a necessary component to offer more low-level > APIs to the web. > > > -- > https://annevankesteren.nl/ >
Received on Monday, 18 July 2016 16:01:04 UTC