On Dec 12, 2011, at 9:13 PM, Murray S. Kucherawy wrote: >> -----Original Message----- >> From: Adam Barth [mailto:[email protected]] >> Sent: Monday, December 12, 2011 11:09 AM >> To: Murray S. Kucherawy >> Cc: [email protected] >> Subject: Re: [websec] Same Origins and email >> >> That depends on the MUA. In Gmail, for example, the origin is >> https://mail.google.com. It depends on the URL the MUA assigns to the >> HTML document contained in the email. > > What about something like Outlook or alpine, where we're not talking about a > web-based MUA but one that pulls from a local store?
file://localhost ? Although I think HTML you get through the mail should not be scripted by files on your computer, so maybe each mail item should have its own origin. _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
