Cor, steady on Hixie, it wasn’t me yelling that “WHATWG is broken”. All I’m
trying to do is get someone (not me) to start development on a solution for
background geolocation in HTML5 Web Apps. Sorry if my post was in/pas
apropos.
> all that matters is the quality of arguments and data
I see what you're saying Michael and also agree it's serious. Would I be
correct in thinking that MS Edge solves the problem by not returning
window.opener cross-domain? Is the UA not a logical and uniform place for
this?
BTW I've also experienced the CitHub topic-closure nazis many times :-(
If window.opener() did not work cross-domain then as far as I can tell
that would be secure.
On 12/01/2016 07:23 PM, Richard Maher wrote:
I see what you're saying Michael and also agree it's serious. Would I be
correct in thinking that MS Edge solves the problem by not returning
window.opener
Well if it was done as a header, I suppose it could be added as a
http-equiv meta tag for those who want to.
Header is the easiest solution to make sure it is applied everywhere
without question. It could even be added at the front-end proxy to cover
numerous web applications on many domains
On 12/01/2016 06:14 PM, Elliott Sprehn wrote:
On Wed, Nov 30, 2016 at 10:53 PM, Boris Zbarsky wrote:
On 12/1/16 1:41 AM, Chris Holland wrote:
I think the devil would be in implementation detail. Slapping a
"rel/noopener" attribute on a specific link is very deterministic
On Fri, Dec 2, 2016 at 9:41 AM, Karl Dubost wrote:
>
> Le 2 déc. 2016 à 08:53, Richard Maher a écrit :
> > The main goal of background geolocation reporting
>
> Previous related threads:
> https://groups.google.com/forum/#!topic/mozilla.dev.
>
On Wed, Nov 30, 2016 at 10:53 PM, Boris Zbarsky wrote:
> On 12/1/16 1:41 AM, Chris Holland wrote:
>
>> I think the devil would be in implementation detail. Slapping a
>> "rel/noopener" attribute on a specific link is very deterministic and
>> straightforward from a logic
From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Ian Hickson
> I believe that's a bit of an overstatement. There are certainly risks
> involved in window.opener (they're briefly discussed in the spec itself), but
> it doesn't remove the origin checks.
This is the crucial
Le 2 déc. 2016 à 08:53, Richard Maher a écrit :
> The main goal of background geolocation reporting
Previous related threads:
https://groups.google.com/forum/#!topic/mozilla.dev.geolocation/D5UXf-N3JfU
how about rather than requiring this on every why not support a base
tag directive
for the whole document i.e. , similar to ?
On Fri, Dec 2, 2016 at 12:39 PM, Domenic Denicola wrote:
> From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Ian
> Hickson
>
> > I
From: Zac Spitzer [mailto:zac.spit...@gmail.com]
> how about rather than requiring this on every why not support a base tag
> directive for the whole document i.e. , similar to
> ?
Yes, this is a good idea to include in a general framework for imposing such
On 12/01/2016 05:39 PM, Domenic Denicola wrote:
From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Ian Hickson
I believe that's a bit of an overstatement. There are certainly risks involved
in window.opener (they're briefly discussed in the spec itself), but it doesn't
remove
Thanks Michael. So to be safe one should use Edge? Who'd have thunk it?
Anyone tested Michael's example on FireFox or Safari?
It does look like Chrome is the driver of rel=noopener. Does the credential
API https://w3c.github.io/webappsec-credential-management/ rely on this
flaw?
On Fri, Dec 2,
13 matches
Mail list logo