Closed jwatt closed 7 years ago
(Also, opaque identifier -> opaque origin.)
I'm happy to provide PRs if that seems acceptable.
Can you spell out what this would mean, practically? When can we determine that a document is sandboxed that doesn't involve looking at it's URL? Is this just about data:
?
If there's anything to do here, let's fold it into the discussion at https://github.com/w3c/webappsec-secure-contexts/issues/26.
Regarding step 5 of the Is settings object a secure context? algorithm:
Could we insert the following as a step before that: