On 13/04/15 15:57, Richard Barnes wrote: > Martin Thomson and I drafted a > one-page outline of the plan with a few more considerations here: > > https://docs.google.com/document/d/1IGYl_rxnqEvzmdAP9AJQYY2i2Uy_sW-cg9QI9ICe-ww/edit?usp=sharing
Are you sure "privileged contexts" is the right phrase? Surely contexts are "secure", and APIs or content is "privileged" by being only available in a secure context? There's nothing wrong with your plan, but that's partly because it's hard to disagree with your principle, and the plan is pretty high level. I think the big arguments will be over when and what features require a secure context, and how much breakage we are willing to tolerate. I know the Chrome team have a similar plan; is there any suggestion that we might coordinate on feature re-privilegings? Would we put an error on the console when a privileged API was used in an insecure context? Gerv _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
