Unpacking Google’s new “dangerous” Web-Environment-Integrity specification - eviltoast

Will accessibility tools that rely on automating input to the browser cause it to become untrusted? Will it affect extensions? The spec does currently specify a carveout for browser modifications and extensions, but those can make automating interactions with a website trivial. So, either the spec is useless or restrictions will eventually be applied there too.

  • SkepticElliptic@beehaw.org
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    The biggest issue I see is not being able to block malicious scripts from running. An all or nothing approach is a terrible terrible idea.