- From: Oda, Terri <terri.oda@intel.com>
- Date: Mon, 2 Dec 2013 16:35:48 -0800
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "Hill, Brad" <bhill@paypal.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Is UISecurity really the best name for this? The focus seems to be on input protection, but typically a UI is considered both input and output, but unless I'm mis-reading it, this doesn't seem to do much output protection (although I suppose there would be potential for layout protection/enforcement based on the heuristics described, it doesn't appear that such protections are the goal). Maybe the title of this document should be something a bit more precise such as "input security" or "clickjacking mitigation" to make the purpose of these directives more clear to new readers?
Received on Tuesday, 3 December 2013 00:36:17 UTC