On 03/15/2012 10:52 AM, Adrienne Porter Felt wrote:
I'd also like to raise the issue of what happens to permissions when principals interact. Do webapps have iframes like websites? Can they embed advertisements? Do the advertisers then get all of the permissions?
How crazy would "no iframes in webapps" be? Or perhaps "no cross-origin iframes in webapps"?
zw _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security