On Sat, Sep 13, 2014 at 12:07 AM, Martin Thomson m...@mozilla.com wrote:
On 12/09/14 13:59, Anne van Kesteren wrote:
But shouldn't it be aware of this so you can adequately scope the
permission? E.g. I could granthttps://amazingmaps.example/ when
embedded throughhttps://okaystore.invalid/ permission to use my
location. But it would not be given out if it were embedded through
https://evil.invalid/ later on.
Or e.g. I could allow YouTube embedded through reddit to go
fullscreen, but not necessarily YouTube itself or when embedded
elsewhere.
In most cases (though here sicking's comment regarding what should happen
remains especially applicable), the actor is the only thing that matters.
That is, it's the principal of the JS compartment, which is the origin you
see in the bar at the top. The location that script is loaded from doesn't
matter.
Yes, I know how the web works. I was talking about nested browsing contexts.
An iframe embed is different, but in that context, the framed site
retains complete control over its content and is arguably competent to
ensure that it isn't abused; more importantly, the outer site has no
visibility other than what the framed site grants it.
I just gave an example where it would matter. I could similarly
imagine that I'd be okay with skype.com to have persistant camera
access when I navigate to it, but not when skype.com is in an iframe
somewhere serving ads.
--
http://annevankesteren.nl/
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform