On 23/04/14 15:12, Brett Zamir wrote: > Of course there is NoScript, but I think sites ought to be able to > submit themselves to restrictions which can lead to the browser > assuring the user that the site in question will not abuse their > privacy, and only submit data back to the server if approved (with > developers at least, being able to inspect the request or response > payload) and/or receive back data if approved. > > I've requested this on the WhatWG list at: > http://comments.gmane.org/gmane.org.w3c.whatwg.discuss/41774
Some of what you are looking for can be done today using Content Security Policy: https://developer.mozilla.org/en-US/docs/Web/Security/CSP For example, disabling scripting: https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#script-src and AJAX requests: https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#connect-src Francois _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
