On Wed, May 18, 2011 at 12:04 PM, Eddy Nigg <eddy_n...@startcom.org> wrote: > On 05/18/2011 09:45 PM, From Adam Barth: >> We tried aggressively blocking active mixed content by default in the >> Chrome Dev channel, but too much broke. We're going to unblock it >> again and try to find some middle road. > > That's a shame and very regrettable. Together with IE9 you could have made a > difference in order to pull over other browser vendors to do the same, which > in turn would have put the pressure elsewhere (those that provide stuff to > embed with their sites).
Indeed, which is why we experimented with a hard block. Our plan is to move in smaller steps, hopefully in coordination with other browser vendors. > IMO, mixed content breaks the security and concept entirely. Not entirely, but often. Adam _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
