Apologies for digging up an old thread; I didn't see it until now. On Thu, Jul 24, 2014 at 7:59 AM, Alexey Proskuryakov <[email protected]> wrote: > In other words, how is "active content" defined here?
Note that the WebAppSec WG is working on a mixed content spec that drops the "active"/"passive" distinction in favor of "stuff we can block without breaking the web"/"images": http://w3c.github.io/webappsec/specs/mixedcontent/#categories Feedback on that document would be welcome. As Michael notes in his response, Chrome is busy tightening its implementation to match that spec. Some details on that in https://groups.google.com/a/chromium.org/d/msg/security-dev/Uxzvrqb6IeU/wb51F3nV7csJ -mike
_______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
