On Tue, 2014-08-05 at 11:03 +0200, Mike West wrote:
> Apologies for digging up an old thread; I didn't see it until now.
>
> On Thu, Jul 24, 2014 at 7:59 AM, Alexey Proskuryakov <[email protected]>
> wrote:
> > In other words, how is "active content" defined here?
>
> Note that the WebAppSec WG is working on a mixed content spec that
> drops the "active"/"passive" distinction in favor of "stuff we can
> block without breaking the web"/"images":
> http://w3c.github.io/webappsec/specs/mixedcontent/#categories
> Feedback on that document would be welcome.
>
> As Michael notes in his response, Chrome is busy tightening its
> implementation to match that spec. Some details on that in
> https://groups.google.com/a/chromium.org/d/msg/security-dev/Uxzvrqb6IeU/wb51F3nV7csJ
>
> -mike

Thanks Mike, I will definitely read that spec and keep it in mind as an end goal. Our mixed content blocking will probably not be so comprehensive at first, but it's good to have a formal goal and also indicates that I might have been mistaken to expose "block active mixed content" and "block passive mixed content" as separate settings -- probably "block all mixed content" and "block selected mixed content" would be more sensible levers for browsers to have.

Michael

_______________________________________________
webkit-dev mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-dev

