On Sat, Jun 18, 2016 at 4:55 PM, Anne van Kesteren <ann...@annevk.nl> wrote:
> On Sat, Jun 18, 2016 at 2:37 PM, Eric Rescorla <e...@rtfm.com> wrote: > > The priority of this proposed feature seems to depend rather a lot on > > whether enough > > advertisers are using WebRTC to deliver ads to make it worth some ad > > blocker being > > interest in adding such a blocker. Do we have any evidence on this front? > > Isn't the problem more that if you use CSP to block outgoing > connections, WebRTC can be used for exfiltration during XSS? That wasn't the concern I understood Paul to be raising: "for example, ad blockers use content policy to block ads". With that said, this does seem like a potential problem, though perhaps a more tractable one, in that the CSP restrictions are whitelists rather than blacklists. -Ekr _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
