W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

Re: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 12 Mar 2013 13:58:49 +0000
Message-ID: <CADnb78h+VbP8WfrFCy5MB4fuXx4Jr5zE5Up6koWnyjOTEHbUjw@mail.gmail.com>
To: Ian Melven <imelven@mozilla.com>
Cc: Tobias Gondrom <tobias.gondrom@gondrom.org>, public-webappsec@w3.org
On Mon, Mar 11, 2013 at 5:31 PM, Ian Melven <imelven@mozilla.com> wrote:
> yes, this is the argument i have made in our bug on changing XFO.
>
> I also filed another Mozilla bug for implementing frame-options in CSP :
> https://bugzilla.mozilla.org/show_bug.cgi?id=846978
>
> comments/feedback in either of those bugs are very welcome ! :)

If CSP supplants XFO it should document XFO and their mutual
interaction (and not just as a consideration, but just give the rules
implementations should follow).


-- 
http://annevankesteren.nl/
Received on Tuesday, 12 March 2013 13:59:27 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:00 UTC