Re: Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

2014-09-13 Thread Eric Rescorla
On Sat, Sep 13, 2014 at 12:38 AM, Anne van Kesteren wrote:
> On Sat, Sep 13, 2014 at 12:07 AM, Martin Thomson wrote
> >
> > An iframe embed is different, but in that context, the framed site
> > retains complete control over its content and is arguably competent to
> > ensure that it isn't abused

Re: Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

2014-09-13 Thread Anne van Kesteren
On Sat, Sep 13, 2014 at 12:07 AM, Martin Thomson wrote:
> On 12/09/14 13:59, Anne van Kesteren wrote:
>> But shouldn't it be aware of this so you can adequately scope the
>> permission? E.g. I could grant https://amazingmaps.example/ when
>> embedded through https://okaystore.invalid/ permission t