John R Levine <johnl@xxxxxxxxx> wrote:
Nothing here changes the existing security model.
If you are talking JS making DNS queries, then I disagree. I'm no
longer sure what you are talking about, of course.
No matter what DNS queries Javascript makes, the existing rules about what
URIs a script can fetch are unchanged. If you're worried that a naughty
server can tunnel naughty traffic, you certainly don't need the DNS for
that.
Regards,
John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly