Conversation
- Reorganize mitigation strategies for readability - Give additional mitigation strategies names - Map theoretical attack with mitigations - Remove Secure Context from this section ([SecureContext] in IDL is adequate nowadays)
|
@darktears please check that the iframe-related bits reflect the latest in #111 and propose changes as appropriate. I added an inline issue link for that in 9548e1e to bring this to the attention of privacy reviewers. Note I proposed to rename the section from "iframes" to "cross-origin iframes", while this applies to same-origin iframes equally. This was to highlight the cross-origin-ness that is of particular interest to privacy reviewers. More generally, my expectation here is the specification as of now matches the ongoing Origin Trial feature scope. With the trial experience and feedback we're in a better position to make an informed decisions wrt iframe exposure and any other design aspects. I'm looking to initiate a PING review soon, so want to incorporate all information relevant to the reviewers in this privacy considerations section. I will also provide the self-assessment as an additional input. Please also check that resource is up to date. |
Preview | Diff