On Sat, Nov 13, 2010 at 5:37 PM, Ingo Chao <i4c...@googlemail.com> wrote: > 2010/11/13 timeless <timel...@gmail.com>: [snip] > Good contracts with the component's providers of a mashup are > neccessary, but not sufficient to resolve the mixed https/http issue > in reality. Another ingredient for a secure mashup would be the event > I am proposing, to alert the mashup's owner that something was going > wrong, by mistake. That a component was loaded insecure.
This sounds to me like the kind of reasoning which resulted in the CSP policy set stuff: https://developer.mozilla.org/en/Security/CSP (and, in particular, the violation reports)