On Fri, Apr 28, 2017 at 1:56 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote: >> While it does not address the attack, it should be limited to secure >> context, if we keep the API. It's actually in the spec. > > Why is that an advantage? Any attacker can use a secure context. The word > "secure" here relates to the security of the transport layer, but if the > origin itself is untrusted (which it is) exposing an unsafe functionality to > a "secure" context is just as unsafe. > > (And on the practical side of things, any attacker can use a free or paid CA > service to deliver their attack code through a secure channel.)
While this is all true, a secure origin at least gives us the ability to disable the feature on a per-origin basis if we decided to do that. I feel like I've had this conversation before... _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform