W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Sandboxed iframes (was Re: Seamless iframes + CSS3 selectors = bad idea)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 7 Dec 2009 22:07:14 -0800
Message-ID: <7789133a0912072207k58923207y8b7b74af060fcf6f@mail.gmail.com>
To: "sird@rckc.at" <sird@rckc.at>
Cc: gaz Heyes <gazheyes@gmail.com>, Maciej Stachowiak <mjs@apple.com>, Boris Zbarsky <bzbarsky@mit.edu>, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
On Mon, Dec 7, 2009 at 9:23 PM, sird@rckc.at <sird@rckc.at> wrote:
> Adam, the Webkit XSS Filter can disable twitter's protection:

Oh, I thought they were doing something more clever.

> So actually...  in my opinion, the correct way is this one: (idea by david
> ross)
>
> http://sla.ckers.org/forum/read.php?2,32339#msg-32343

Ah, that's cute.  David Ross is a smart guy.

Adam
Received on Tuesday, 8 December 2009 06:08:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT