1. If a user already gave permission to certain origin (e.g. skype.com), and that origin had HTML injection, does that mean attacker can now silently inherit permission from skype.com?
2. If so, how can a website mitigate the risk of permission being silently taken to third party website? _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
