W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

From: Gregory Maxwell <gmaxwell@gmail.com>
Date: Sat, 13 Nov 2010 20:00:34 -0500
Message-ID: <AANLkTikGatUHOm3LdUGXPOkdWCxVwGXTjZys_COLZbh0@mail.gmail.com>
On Sat, Nov 13, 2010 at 5:37 PM, Ingo Chao <i4chao at googlemail.com> wrote:
> 2010/11/13 timeless <timeless at gmail.com>:
[snip]
> Good contracts with the component's providers of a mashup are
> neccessary, but not sufficient to resolve the mixed https/http issue
> in reality. Another ingredient for a secure mashup would be the event
> I am proposing, to alert the mashup's owner that something was going
> wrong, by mistake. That a component was loaded insecure.

This sounds to me like the kind of reasoning which resulted in the CSP
policy set stuff:

https://developer.mozilla.org/en/Security/CSP

(and, in particular, the violation reports)
Received on Saturday, 13 November 2010 17:00:34 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC