Re: [webappsec] Call for Consensus: UISecurity to Last Call Working Draft

From: Oda, Terri <terri.oda@intel.com>
Date: Mon, 2 Dec 2013 16:35:48 -0800
Message-ID: <CACoC0R82C5YNK7DYFwWfCfWToSpZpPvohr24dc=fr2ym+h-Zcw@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: "Hill, Brad" <bhill@paypal.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

Is UISecurity really the best name for this?  The focus seems to be on
input protection, but typically a UI is considered both input and
output, but unless I'm mis-reading it, this doesn't seem to do much
output protection (although I suppose there would be potential for
layout protection/enforcement based on the heuristics described, it
doesn't appear that such protections are the goal).  Maybe the title
of this document should be something a bit more precise such as "input
security" or "clickjacking mitigation" to make the purpose of these
directives more clear to new readers?

Received on Tuesday, 3 December 2013 00:36:17 UTC