ISSUE-20: If browsers apply UI Security heuristic without an explicit opt-in policy, should we always block and not have the unsafe UIEvent property
If browsers apply UI Security heuristic without an explicit opt-in policy, should we always block and not have the unsafe UIEvent property
- State:
- CLOSED
- Product:
- UI Security
- Raised by:
- Opened on:
- 2012-11-01
- Description:
- What should be the recommended default behavior for UI Security heuristics?
Block, or report (set unsafe flag on event) - Related Actions Items:
ACTION-108 on Brad Hill to to query list on whether default UI Security hueristic behavior should be block or report - due 2013-01-22, closed- Related emails:
- No related emails
Related notes:
This does not need to be specified - an open decision to implementers for experimentation if they desire.
Brad Hill, 25 Nov 2013, 22:32:23Display change log