On Fri, Mar 6, 2015 at 10:12 AM, <andreas....@gmail.com> wrote: >> >> You might say that having a local network attacker able to see what >> your webcam is looking at is not scary, but I'm going to disagree. >> Also c.f. RFC 7258. > > I asked for something very specific: popups. What is the threat model for the > popup permission state?
I have the same reaction. Not allowing the user to remember that popups should be enabled on a http site is going to "break" a lot of websites I bet. In that users will have to constantly re-enable popups. I don't think the added security benefit of possibly preventing a MITM from opening popups is worth it. I.e. I think we'll end up annoying far more users by having them constantly re-enable popups, than we save users from annoyance by preventing a MITM from opening a popup the user didn't want. / Jonas _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
