- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Sat, 04 Feb 2012 01:47:48 -0500
On 2/3/12 11:15 PM, Ian Hickson wrote: > No, I agree with you that if the author is using HTTP styles on their > HTTPS page that an attacker could screw with the page. But my point is > that fixing that is easy: just move the styles to HTTPS. In the case of > scripts it's not that easy because the scripts might be on third-party > servers Styles are also commonly found on third-party servers... > in complicated setups Likewise. But yeah, I'd love to hear from Adam here. -Boris
Received on Friday, 3 February 2012 22:47:48 UTC