hrj

Results 194 issues of hrj

* We are not sure what is meant by "validity of metadata", other than syntax validity. Discussion [here](https://github.com/w3c/webappsec/issues/531)
* Check eligibility of response for integrity validation - CORS

enhancement
security
networking

The request engine maintains two types of caches: a transient (in memory) cache and a persistent (on disk) cache for cacheable responses. The purpose of the transient cache is not...

### Background

While blocking JavaScript and cookies by default is a great security measure, there is still wide room left for phishing attacks which usually work through social engineering....

security
Request Manager

We are currently using `Toolkit.getDefaultToolkit().createImage()` to get an `Image` instance. The advantage of this is that GIF animations are automatically handled by the Image. One possible disadvantage is that we...

enhancement
rendering

The tab bar (when it arrives) can have sections, one of which can be for RSS feeds.

enhancement

They raise this exception:

```
sun.awt.image.ImageFormatException: Unsupported color conversion request
    at sun.awt.image.JPEGImageDecoder.readImage(Native Method)
    at sun.awt.image.JPEGImageDecoder.produceImage(JPEGImageDecoder.java:141)
    at sun.awt.image.InputStreamImageSource.doFetch(InputStreamImageSource.java:269)
    at sun.awt.image.ImageFetcher.fetchloop(ImageFetcher.java:205)
    at sun.awt.image.ImageFetcher.run(ImageFetcher.java:169)
```

Will be uploading a test case soon.

upstream-block

https://www.rfc-editor.org/rfc/rfc7469.txt The RFC includes a section on "privacy considerations" which are ... worth considering.

security

As per [9.4.1](http://www.w3.org/TR/CSS2/visuren.html#block-formatting), elements with `overflow` other than `visible` should establish a new block formatting context.

---

Note: Had tried implementing this with the `relativeOffsetX += adjustX` hack, but that...

layout

Ref: A detailed [analysis](https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview#) by Mozilla on the state of WoSign and StartCom. The gngr.info website also uses a StartCom certificate. We will probably need to use a different CA,...

security

To allow #219 to be solved and effective, the resolved IP address of a network-request should be pinned, so that assumptions about its origin aren't changed until the actual HTTP...

security
networking