Am 15.01.2013 00:39 schrieb Nasko Oskov:
Hi whatwg,
I recently became aware of the proposal to add AllowSeamless attribute that
will permit cross-origin seamless iframes (
http://wiki.whatwg.org/wiki/AllowSeamless). We are currently working on a
new security policy in Chrome, which will separate
On Tue, Jan 15, 2013 at 2:44 PM, Markus Ernst derer...@gmx.ch wrote:
The allow-seamless mechanism is to be triggered at the side of the embedded
resource, which would also be the one affected by possible security risks
(if I get this right). The developer of this resource will have to be aware
Am 18.01.2013 14:40 schrieb Anne van Kesteren:
On Tue, Jan 15, 2013 at 2:44 PM, Markus Ernst derer...@gmx.ch wrote:
The allow-seamless mechanism is to be triggered at the side of the embedded
resource, which would also be the one affected by possible security risks
(if I get this right). The
On 1/18/13 8:40 AM, Anne van Kesteren wrote:
On Tue, Jan 15, 2013 at 2:44 PM, Markus Ernst derer...@gmx.ch wrote:
The allow-seamless mechanism is to be triggered at the side of the embedded
resource, which would also be the one affected by possible security risks
(if I get this right). The
On Fri, Jan 18, 2013 at 5:20 PM, Boris Zbarsky bzbar...@mit.edu wrote:
except for niggling issues around code that uses location.href to determine
origins. :(
Sounds like you'd also have to trust that the page you're seamlessly
embedding is not going to do anything malicious on your origin.
Am 15.01.2013 01:36 schrieb Nasko Oskov:
On Mon, Jan 14, 2013 at 3:48 PM, Anne van Kesteren ann...@annevk.nl wrote:
On Tue, Jan 15, 2013 at 12:39 AM, Nasko Oskov na...@chromium.org wrote:
Based on the existing security concerns listed in the proposal and the
fact
that it might prevent a
Hi whatwg,
I recently became aware of the proposal to add AllowSeamless attribute that
will permit cross-origin seamless iframes (
http://wiki.whatwg.org/wiki/AllowSeamless). We are currently working on a
new security policy in Chrome, which will separate each site into its own
renderer process.
On Tue, Jan 15, 2013 at 12:39 AM, Nasko Oskov na...@chromium.org wrote:
Based on the existing security concerns listed in the proposal and the fact
that it might prevent a useful new security architecture in browsers, I
would suggest this not be added to the web platform.
FWIW, I think that
On Sat, May 26, 2012 at 10:13 PM, Maciej Stachowiak m...@apple.com wrote:
On May 26, 2012, at 5:16 PM, Adam Barth w...@adambarth.com wrote:
I've added a proposal to the wiki
http://wiki.whatwg.org/wiki/AllowSeamless about letting a document
indicate that it is willing to be displayed
Am 27.05.2012 02:16 schrieb Adam Barth:
Hi whatwg,
I've added a proposal to the wiki
http://wiki.whatwg.org/wiki/AllowSeamless about letting a document
indicate that it is willing to be displayed seamlessly with a
cross-origin parent. This proposal is a refinement of the approach
previously
Am 27.05.2012 12:00 schrieb Markus Ernst:
allowseemles=example.org *.example.org shop.otherdomain.com,
inherit-style
It seams I made a typo here.
On Sun, May 27, 2012 at 3:00 AM, Markus Ernst derer...@gmx.ch wrote:
Am 27.05.2012 02:16 schrieb Adam Barth:
I've added a proposal to the wiki
http://wiki.whatwg.org/wiki/AllowSeamless about letting a document
indicate that it is willing to be displayed seamlessly with a
cross-origin parent.
Am 27.05.2012 12:19 schrieb Adam Barth:
On Sun, May 27, 2012 at 3:00 AM, Markus Ernstderer...@gmx.ch wrote:
Am 27.05.2012 02:16 schrieb Adam Barth:
I've added a proposal to the wiki
http://wiki.whatwg.org/wiki/AllowSeamlessabout letting a document
indicate that it is willing to be
Hi whatwg,
I've added a proposal to the wiki
http://wiki.whatwg.org/wiki/AllowSeamless about letting a document
indicate that it is willing to be displayed seamlessly with a
cross-origin parent. This proposal is a refinement of the approach
previously discussed in this thread:
On May 26, 2012, at 5:16 PM, Adam Barth w...@adambarth.com wrote:
Hi whatwg,
I've added a proposal to the wiki
http://wiki.whatwg.org/wiki/AllowSeamless about letting a document
indicate that it is willing to be displayed seamlessly with a
cross-origin parent. This proposal is a
15 matches
Mail list logo