W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 05 Mar 2013 05:41:48 +0000
Message-Id: <E1UCkdI-0006uM-6i@tibor.w3.org>
To: public-webappsec@w3.org 
webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

http://www.w3.org/2011/webappsec/track/issues/45

Raised by: Brad Hill
On product: UI Security

The current UI Security draft specifies a 'top-only' keyword source for the frame-options directive to preserve exact compatibility with X-Frame-Options.

This is actually a dangerous and mis-understood behavior:

https://bugzilla.mozilla.org/show_bug.cgi?id=725490

Is there a good reason to keep the 'top-only' behavior?
Received on Tuesday, 5 March 2013 05:41:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 March 2013 05:41:49 GMT