On Thu, Jan 7, 2016 at 10:32 AM, Robert O'Callahan <rob...@ocallahan.org> wrote:
> Some of the things that would need to be handled:
> -- <input type="file"> controls need to not expose sensitive data about file
> paths

No great ideas here other than simply not rendering them.


> -- For SVG images we disable native themes to avoid those being inspectable
> by the Web site
> -- Non-origin-clean canvas images, <video> frames and MediaStream frames
> would have to be suppressed
> -- Non-same origin content (<img>, <iframe>, etc) would have to be blocked.
> This isn't as simple as a change to Fetch, since a site could create an
> element and load its contents in an unrestricted browsing context and move
> it into a different document with different rules.

Well, if we restrict <iframe> and popups, how would you create an
unrestricted browsing context?


> -- :visited

(I do wonder though if with this many restrictions folks would still
want this feature, since it cripples quite a few things.)


-- 
https://annevankesteren.nl/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
