[webkit-dev] Mixed content checking
Mike West
mkwst at chromium.org
Tue Aug 5 02:03:28 PDT 2014
Apologies for digging up an old thread; I didn't see it until now.
On Thu, Jul 24, 2014 at 7:59 AM, Alexey Proskuryakov <ap at webkit.org> wrote:
> In other words, how is "active content" defined here?
Note that the WebAppSec WG is working on a mixed content spec that drops
the "active"/"passive" distinction in favor of "stuff we can block without
breaking the web"/"images":
http://w3c.github.io/webappsec/specs/mixedcontent/#categories Feedback on
that document would be welcome.
As Michael notes in his response, Chrome is busy tightening its
implementation to match that spec. Some details on that in
https://groups.google.com/a/chromium.org/d/msg/security-dev/Uxzvrqb6IeU/wb51F3nV7csJ
-mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20140805/b9f718b6/attachment.html>
More information about the webkit-dev
mailing list