- From: <bugzilla@jessica.w3.org>
- Date: Mon, 23 Aug 2010 21:05:15 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=10068
Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bhawkeslewis@googlemail.com
--- Comment #42 from Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com> 2010-08-23 21:05:12 ---
(In reply to comment #38)
There may well be good examples of "noscript" use; I'm not sure about Adam's
examples.
> <noscript><meta http-equiv=refresh content="0; URL=/home.php?_fb_noscript=1"
> /></noscript>
Adam, would you mind joining the dots for this one? I can see what this does,
but what is it for and how is "noscript" helping here?
<noscript><meta http-equiv="X-Frame-Options" content="deny"/></noscript>
"X-Frame-Options" is an invalid "http-equiv" value in the current editor's
draft:
http://www.whatwg.org/specs/web-apps/current-work/multipage/semantics.html#attr-meta-http-equiv
But even if it were valid, how does "noscript" help here? Shouldn't
"X-Frame-Options" always be sent as a real HTTP header?
http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 23 August 2010 21:05:17 UTC