Overall review of features which enable/disable subframe or subresource capabilities #525
Labels
Progress: in progress
Review type: deep thoughts
Topic: Design Principles
we believe this design review will inform our work on the Web Platform Design Principles document.
Topic: HTML
Topic: security features
Venue: TAG
We're concerned with the large number of features used to constrain/grant access to capabilities in subframes/subresources. The large number of related, yet distinct knobs, and the different kind of knobs, makes it challenging for authors to do the right thing.
We hope that a review of all of these mechanisms may identify areas where simplification or consolidation could occur while still enabling all necessary use cases. We also hope this review will result in related changes to the Web Platform Design Principles document, to help spec authors in the future when they consider adding yet another feature in this area.
This came up during our review of #397. Possibly-related older reviews include
sec-metadata
#280The text was updated successfully, but these errors were encountered: