The reporting infrastructure does seem pretty easy to modularize but
it's also a bit exceptional as it doesn't drive any actual content
behaviors. I'm going to have to chew on this some more but my primary
concern remains that this approach could increase complexity and
reduce reliability in the long run (esp. when combined with fragmented
implementation by user agents).
Lucas.
On Oct 20, 2009, at 15:49, Adam Barth <[email protected]>
wrote:
On Tue, Oct 20, 2009 at 3:35 PM, Lucas Adamski <[email protected]>
wrote:
The problem with modules I see is they will complicate the model in
the long
run, as the APIs they govern will not be mutually exlusive. What
if 3
different modules dictate image loading behaviors? What if the
given user
agent in a scenario does not implement the module where the most
restrictive
of the 3 policies is specified?
This seems like a question of granularity. Presumably a decomposition
that has three modules competing to control image loads is too
granular. There seem to be some clear wins to modularizing the
current spec. For example, the reporting infrastructure seems
independent of whether you can block XMLHttpRequest targets.
Adam
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
