W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2011

[whatwg] Prevent a document from being manipulated by a "top" document

From: Dennis Joachimsthaler <dennis@efjot.de>
Date: Tue, 02 Aug 2011 12:33:18 +0200
Message-ID: <op.vzk0xsbn48yz2f@dennis-work.fritz.box>
Hello Anne,

I took a look at the X-Frame-Options and it only disallows displaying
in a frame, not forbidding only script access.

Also this is another case of a HTTP header that would also find a good
place in the HTML itself, like with the Content-Disposition attribute
I suggested (and now got standardized).

Am 02.08.2011, 12:30 Uhr, schrieb Anne van Kesteren <annevk at opera.com>:

> On Tue, 02 Aug 2011 12:21:31 +0200, Dennis Joachimsthaler  
> <dennis at efjot.de> wrote:
>> [...]
>
> The X-Frame-Options header addresses this if I understand the concern  
> correctly.
>
Received on Tuesday, 2 August 2011 03:33:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:08 UTC