Re: [webappsec] Call for Consensus: UISecurity to Last Call Working Draft

Is UISecurity really the best name for this?  The focus seems to be on
input protection, but typically a UI is considered both input and
output, but unless I'm misreading it, this doesn't seem to do much
output protection (although I suppose there would be potential for
layout protection/enforcement based on the heuristics described, it
doesn't appear that such protections are the goal).  Maybe the title
of this document should be something a bit more precise such as "input
security" or "clickjacking mitigation" to make the purpose of these
directives more clear to new readers?

Received on Tuesday, 3 December 2013 00:36:17 UTC