>Conversely, there would be another attack to link to
>attacker spaces on already-trusted sites (but no top-level) >and get silently
>access too.
That is not silent, because user would have already granted permission to that
origin to access in previous model.
>Besides, if a user granted skype
1. If a user already gave permission to certain origin (e.g. skype.com), and
that origin had HTML injection, does that mean attacker can now silently
inherit permission from skype.com?
2. If so, how can a website mitigate the risk of permission being silently
taken to third party website?
_
How will you leak Geo Location, Camera data, etc, using HTML injecting? I’m
saying the origin is vulnerable to HTML injection, and origin is not malicious.
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/de
When are you expecting to land this to nightly?
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
4 matches
Mail list logo
