- From: Robin Berjon <robin@robineko.com>
- Date: Thu, 7 Oct 2010 16:37:17 +0200
- To: Anssi Kostiainen <anssi.kostiainen@nokia.com>
- Cc: "public-device-apis@w3.org WG" <public-device-apis@w3.org>
On Oct 7, 2010, at 10:03 , Anssi Kostiainen wrote: > I'm happy to review the proposal. Clickjacking attacks use iframes to hijack user's session. How about simply preventing API invocation via DOM events within an iframe? Would that be too drastic a measure? I think it would be. It would prevent embedded "widgets" from doing anything with these APIs, which is a severe limitation I'd think. -- Robin Berjon robineko — hired gun, higher standards http://robineko.com/
Received on Thursday, 7 October 2010 14:37:45 UTC