Re: [webappsec] Call for Consensus: UISecurity to Last Call Working Draft

It does als encompass (currently) the frame-options directive, which governs under what embedding circumstances the user agent should deliver (output?) a UI at all.

On Dec 2, 2013, at 4:35 PM, Oda, Terri <> wrote:

> Is UISecurity really the best name for this?  The focus seems to be on
> input protection, but typically a UI is considered both input and
> output, but unless I'm mis-reading it, this doesn't seem to do much
> output protection (although I suppose there would be potential for
> layout protection/enforcement based on the heuristics described, it
> doesn't appear that such protections are the goal).  Maybe the title
> of this document should be something a bit more precise such as "input
> security" or "clickjacking mitigation" to make the purpose of these
> directives more clear to new readers?

Received on Thursday, 5 December 2013 21:53:20 UTC