> -----Original Message----- > From: Adam Barth [mailto:[email protected]] > Sent: Monday, December 12, 2011 11:35 AM > To: Yoav Nir > Cc: Murray S. Kucherawy; [email protected] > Subject: Re: [websec] Same Origins and email > > The questions you're asking don't really have universal answers. > These behaviors aren't standardized and so are likely to vary from MUA > to MUA.
I think that's why I'm asking the question. I wonder if it would be a useful area to explore in terms of standardization since MUA-based HTML pages suffer many of the same attacks as regular browsers do. That seems to be an attack surface that's largely unaddressed here. _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
