Specification authors are encouraged to use this attribute when defining newįeatures. This interface will not be exposed to non-secure contexts. The same applies here: the operation will not be exposed to a non-secure context. This operation will not be exposed to a non-secure context. This call will succeed in all contexts. The following examples summarize the normative text which follows: 1.1. The algorithmsĭefined below ensure that these bypasses are difficult and user-visible. As § 4.2 Ancestral Risk explains, cooperative frames can beĪbused to bypass otherwise solid restrictions on a feature. Less obviously, application code delivered over an authenticated and confidentialĬhannel isn’t enough in and of itself to limit the use of powerful features by Privacy requirements, but it is a necessary precondition. Delivering code securelyĬannot ensure that an application will always meet a user’s security and With access to sensitive or private data be delivered confidentially overĪuthenticated channels that guarantee data integrity. The most obvious of the requirements discussed here is that application code Incorporated into documents specifying new features (see § 7 Implementation Considerations). This document describes threat models for feature abuse on the web (see § 4.1 Threat Models) and outlines normative requirements which should be As an extension of the TAG’s recommendations in , Which enable those applications are enabled only in contexts which meet a minimum 4.3 Risks associated with non-secure contextsĪs the web platform is extended to enable more useful and powerfulĪpplications, it becomes increasingly important to ensure that the features.3.1 Is origin potentially trustworthy?.This document is governed by the 15 September 2020 W3C Process Document. That page also includes instructions for disclosing a patent.Īn individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group This document was produced by a group operating under The Working Group will prepare an implementation report to track progress. Passing the user agent tests defined in the test suite developed by the Working Implementation all the features of this specification, which will be determined by Is to have a minimum of two independent and interoperable user agents that The entrance criteria for this document to enter the Proposed Recommendation stage Inappropriate to cite this document as other than work in progress. May be updated, replaced or obsoleted by other documents at any time. Previous Candidate Recommendation that the Working Group intends to include inĪ subsequent Candidate Recommendation Snapshot. A Candidate Recommendation Draft integrates changes from the Publication as a Candidate Recommendation does not imply endorsement by the Please put the text “secure-contexts” in the subject, Is preferred for discussion of this specification. The ( archived) public mailing list (see instructions) This document is intended to become a W3C Recommendation. This document was published by the Web Application Security Working Group as a Candidate Recommendation Draft. A list ofĬurrent W3C publications and the latest revision of this technical reportĬan be found in the W3C technical reports Other documents may supersede this document. This section describes the status of this document at the time of
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |