On Wednesday, April 23, 2014 11:47:28 AM UTC+8, Francois Marier wrote: > On 23/04/14 15:12, Brett Zamir wrote: > > > Of course there is NoScript, but I think sites ought to be able to > > > submit themselves to restrictions which can lead to the browser > > > assuring the user that the site in question will not abuse their > > > privacy, and only submit data back to the server if approved (with > > > developers at least, being able to inspect the request or response > > > payload) and/or receive back data if approved. > > > > > > I've requested this on the WhatWG list at: > > > http://comments.gmane.org/gmane.org.w3c.whatwg.discuss/41774 > > > > Some of what you are looking for can be done today using Content > > Security Policy: > > > > https://developer.mozilla.org/en-US/docs/Web/Security/CSP > > > > For example, disabling scripting: > > > > > > https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#script-src > > > > and AJAX requests: > > > > > > https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#connect-src > > > > Francois
A belated thank you for that info...That's very good to know. I also see an interesting add-on concept to bring more control to users: https://addons.mozilla.org/en-US/firefox/addon/newusercspdesign . I hope UI indicators of current CSP will also come to fruition. _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
