Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update sandbox flag list #2

Merged
merged 1 commit into from
Jan 9, 2014
Merged

update sandbox flag list #2

merged 1 commit into from
Jan 9, 2014

Conversation

deian
Copy link
Member

@deian deian commented Jan 9, 2014

Missing allow-pointer-lock and allow-popups.

@mikewest
Copy link
Member

mikewest commented Jan 9, 2014

LGTM, thanks for updating this section!

mikewest added a commit that referenced this pull request Jan 9, 2014
@mikewest
Merge pull request #2 from deian/master
f8273b9 
update sandbox flag list
@mikewest mikewest merged commit f8273b9 into w3c:master Jan 9, 2014
mikewest added a commit that referenced this pull request Jan 11, 2014
@mikewest
Clarify intent of use-case #2.
0ef8f05
mikewest added a commit that referenced this pull request Nov 13, 2014
@mikewest
Rephrase issue #2 to make it clear that we want to do this.
2c7b155
@dlongley dlongley mentioned this pull request Apr 16, 2015
Open
@mikewest mikewest mentioned this pull request Apr 24, 2015
Closed
mikewest added a commit that referenced this pull request Jun 22, 2015
@mikewest
MIX: Clarify mixed content "resources" vs "requests".
8732a84 
Jeff Hodges noted in [1] that MIX was a bit iffy from an editorial
perspective with regared to defining mixed content in terms of resources
loaded into a context, while at the same time banning certain resource
loads entirely. This patch attempts to clean things up by defining
"mixed content" in terms of both resources and requests, and adjusting
the definitions of "optionally-blockable" and "blockable" to match. Each
of these terms now covers the following:

1.  A request for an insecure resource that is blocked before the resource
    is loaded into the requesting context.

2.  A request for an insecure resource that is allowed to proceed despite
    its mixed nature.

3.  An insecure resource that is loaded into a secure context via a
    request described by #2.

Thanks, @equalsJeffH!

[1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0107.html
@randomdross randomdross mentioned this pull request Jun 23, 2015
Open
mikewest pushed a commit to mikewest/webappsec that referenced this pull request Jun 29, 2015
@tabatkins
Merge pull request w3c#2 from SimonSapin/master
8cbdb15 
Add a setup.py
hillbrad added a commit that referenced this pull request Apr 5, 2016
@hillbrad
Merge pull request #2 from w3c/polish_001
3ad4334 
polish - rename unsafe to isUnsafe for consistency with isTrusted, detail integration with DOM event dispatch, fix bikeshed warnings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@deian @mikewest