
Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea)

From: Devdatta <dev.akhawe@gmail.com>
Date: Sun, 6 Dec 2009 00:47:16 -0800
Message-ID: <ecf35a1b0912060047h52292ba0secacf73418035c3@mail.gmail.com>
To: "sird@rckc.at" <sird@rckc.at>
Cc: Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
>
> And if developers start using the example that is given in the spec, then a
> lot of people (devs often just follow documentation without thinking
> twice) will miss the fact that attackers can inject a link instead of an
> iframe.
>

+1 .. that example is really broken.


cheers
devdatta
Received on Sunday, 6 December 2009 08:48:08 GMT
