On 05/18/2011 09:45 PM, From Adam Barth:
We tried aggressively blocking active mixed content by default in the Chrome Dev channel, but too much broke. We're going to unblock it again and try to find some middle road.
That's a shame and very regrettable. Together with IE9 you could have made a difference in order to pull over other browser vendors to do the same, which in turn would have put the pressure elsewhere (those that provide stuff to embed with their sites).
IMO, mixed content breaks the security and concept entirely. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: [email protected] Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
