On 6-May-09, at 9:56 PM, Adam Barth wrote: > From a security point of view, we'd ideally like to render feeds with > JavaScript and plug-ins disabled, as well as in a noAccess > SecurityOrigin. This is easier if the feed preview lives in its own > scheme. I'm happy to help out with the security bits once you have > the basics up and running.
FWIW, Firefox has had several security issues crop up with the mixed- content feed preview implementation. Placing privileged controls so close to web content should be avoided, IMO, if you want to keep this from being a problem for Chrome as well. cheers, mike --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
