- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Wed, 19 Oct 2016 12:33:28 -0700
- To: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Cc: Artur Janc <aaj@google.com>, Christoph Kerschbaumer <ckerschbaumer@mozilla.com>, Frederik Braun <fbraun@mozilla.com>, Scott Helme <scotthelme@hotmail.com>

On 10/17/16 7:15 AM, Mike West wrote:
> 2. It's not reasonable to provide developers with details of
> third-party script, unless that external script has opted into
> sharing details

Can you give any examples? I don't see our code doing that. If we are I agree we shouldn't; we should be reporting on in-line scripts only.

> Perhaps Mozilla folks did some research when implementing this
> feature that justify/explain the 40 character limit as
> sufficiently-safe?

It was Brandon's initial best-guess that no one has suggested changing
https://bugzilla.mozilla.org/show_bug.cgi?id=600584#c5

-Dan Veditz

Received on Wednesday, 19 October 2016 19:33:59 UTC