Re: Intent to prototype: Delegate and restrict permission in third party context

2019-12-03 Thread Thomas Nguyen
On Wednesday, November 27, 2019 at 7:50:46 PM UTC+1, s.h...@gmail.com wrote:
> > Conversely, there would be another attack to link to attacker spaces on already-trusted sites (but no top-level) and get silently access too.
> That is not silent, because user would have already granted

Re: Intent to prototype: Delegate and restrict permission in third party context

2019-12-03 Thread Thomas Nguyen
On Monday, November 25, 2019 at 10:38:28 PM UTC+1, s.h...@gmail.com wrote:
> 1. If a user already gave permission to certain origin (e.g. skype.com), and that origin had HTML injection, does that mean attacker can now silently inherit permission from skype.com?
>
> 2. If so, how can a

Re: Intent to prototype: Delegate and restrict permission in third party context

2019-12-03 Thread Thomas Nguyen
On Wednesday, November 27, 2019 at 4:55:35 PM UTC+1, s.h...@gmail.com wrote:
> How will you leak Geo Location, Camera data, etc, using HTML injecting? I’m saying the origin is vulnerable to HTML injection, and origin is not malicious.
Thanks, yes, that is a consideration we should care

Re: Intent to prototype: Delegate and restrict permission in third party context

2019-12-03 Thread Thomas Nguyen
On Tuesday, November 26, 2019 at 1:03:01 AM UTC+1, kgil...@mozilla.com wrote:
> On Monday, November 25, 2019 at 9:29:10 AM UTC-8, Thomas Nguyen wrote:
> > Summary: People don’t have a good understanding of iframes, because generally, no UI indicates that iframes are visible on

Intent to prototype: Delegate and restrict permission in third party context

2019-11-25 Thread Thomas Nguyen
ator.services.mozilla.com/D42958#change-pqamxq3whbwg> Secure contexts: yes. Is this feature enabled by default in sandboxed iframes? Yes -- Best regards, = Thomas

Re: Intent to implement and ship: Limit the length of Referer header to 4k

2019-07-03 Thread Thomas Nguyen
Thanks, that's a good point indeed. I prefer adding a console warning in this case.
On Tue, Jul 2, 2019 at 9:23 PM Panos Astithas wrote:
> On Tue, Jul 2, 2019 at 6:16 AM Thomas Nguyen wrote:
>> DevTools bug: No
> Wouldn't it be helpful to indicate such t

Intent to implement and ship: Limit the length of Referer header to 4k

2019-07-02 Thread Thomas Nguyen
https://github.com/web-platform-tests/wpt/blob/master/referrer-policy/generic/referrer-policy-test-case.sub.js -- Best regards, = Thomas Nguyen IRC : tngu...@irc.mozilla.com Slack: tnguyen Email: tngu...@mozil

Re: Intent to implement: Support Referrer Policy for

2018-11-01 Thread Thomas Nguyen
Oh, you are right, sorry that I used confusing words. After implementation, we expect they are all passed as OK, not FAIL.
On Thu, Nov 1, 2018 at 12:24 PM James Graham wrote:
> On 01/11/2018 11:03, Thomas Nguyen wrote:
> > The link
> > > https://searchfox.org/mozilla-central/s

Re: Intent to implement: Support Referrer Policy for

2018-11-01 Thread Thomas Nguyen
://searchfox.org/mozilla-central/source/testing/web-platform/meta/referrer-policy/origin/attr-referrer/same-origin/http-http/script-tag
On Thu, Nov 1, 2018 at 11:28 AM James Graham wrote:
> On 31/10/2018 14:03, Thomas Nguyen wrote:
> > Summary: This implementation adds Referrer Policy support to the

Intent to implement: Support Referrer Policy for

2018-10-31 Thread Thomas Nguyen
Summary: This implementation adds Referrer Policy support to the