Overall review of features which enable/disable subframe or subresource capabilities #525
Labels
Progress: in progress
Review type: deep thoughts
Topic: Design Principles
we believe this design review will inform our work on the Web Platform Design Principles document.
Topic: HTML
Topic: security features
Venue: TAG
Comments
hober added the labels Topic: HTML, Progress: untriaged, Topic: security features, Review type: deep thoughts, Venue: TAG, Topic: Design Principles on Jun 15, 2020
5 tasks
This is closely related to w3ctag/design-principles#41.
@hober and @atanassov started a spreadsheet to build up information about these features in a prior breakout.
We're concerned with the large number of features used to constrain/grant access to capabilities in subframes/subresources. The large number of related, yet distinct knobs, and the different kinds of knobs, makes it challenging for authors to do the right thing.
We hope that a review of all of these mechanisms may identify areas where simplification or consolidation could occur while still enabling all necessary use cases. We also hope this review will result in related changes to the Web Platform Design Principles document, to help spec authors in the future when they consider adding yet another feature in this area.
This came up during our review of #397. Possibly-related older reviews include
sec-metadata
#280