- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 18 Jul 2016 18:56:45 +0200
- To: David Ross <drx@google.com>
- Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Jul 18, 2016 at 6:00 PM, David Ross <drx@google.com> wrote: > I also see potential for lower-level isolation technologies to evolve and > provide EPR-like functionality. An API for Container Tabs (which makes sense to me, mind you) doesn't really address the problem of URL manipulation. I guess we could couple it with not allowing request bodies, which relies on the user having visited the site at least once, but the attack vector we're concerned with is mostly sites the user has an established relationship with I suppose. Maybe that's good enough. Not breaking URLs is rather nice... -- https://annevankesteren.nl/
Received on Monday, 18 July 2016 16:57:13 UTC