On 14/01/2014 12:31 PM, Martin Thomson wrote: > On 14 January 2014 05:23, Dominique Hazael-Massieux <dom@w3.org> wrote: >> How about tying this to CORS? If you already grant cross-origin access >> to your Web content via CORS, can it be inferred you're happy to share >> its content via screen sharing? > That doesn't really work in that the iframe (or other cross origin > content) is acquired without the CORS preflight. I was thinking > Frame-Options actually. > Amusing read about browser extensions: http://www.reddit.com/r/IAmA/comments/1vjj51/i_am_one_of_the_developers_of_a_popular_chrome/ By the time you notice that an extension has become malicious, over 700k users could have had their banking records stolen. Point is: hiding security-sensitive features behind extensions does not (on its own) ensure security. GiliReceived on Monday, 20 January 2014 05:43:24 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:17:54 UTC