I was hoping to learn that images too would get blocked. I'm not sure I can think of all the ways to exploit this hole in security but certainly a browser defect in image handling is one of them. I'm sure blocking such http requests would break some sites but has anyone performed research or analysis into how big the problem is? Is there a user option to force them to be blocked? I'm also curious how exhaustively the blocking rules get tested. With all the levels of nesting that occur and caching and redirects and live _javascript_ stuff that take place on most every page load, it seems like there certainly could be holes but I'd rather have hard facts. Anyone have data on that? Thank you!
wrt http:// images from a https:// origin - the images do load but you get the !-in-a-triangle mixed content icon instead of a lock. | ||
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
