W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

RE: webappsec-ISSUE-45 ('top-only'): Is 'top-only' worth preserving? [UI Security]

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 12 Mar 2013 14:03:08 +0000
To: Anne van Kesteren <annevk@annevk.nl>, Ian Melven <imelven@mozilla.com>
CC: Tobias Gondrom <tobias.gondrom@gondrom.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E2795D33D@DEN-EXDDA-S12.corp.ebay.com>

> -----Original Message-----
> From: annevankesteren@gmail.com [mailto:annevankesteren@gmail.com] On
> Behalf Of Anne van Kesteren
> 
> If CSP supplants XFO it should document XFO and their mutual interaction (and
> not just as a consideration, but just give the rules implementations should
> follow).
> 

[Hill, Brad] That's covered in 

https://dvcs.w3.org/hg/user-interface-safety/raw-file/0475e30847bf/user-interface-safety.html 

but I would certainly appreciate comments to make the behavior more explicit if you feel such is necessary.

-Brad
Received on Tuesday, 12 March 2013 14:03:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:00 UTC