- From: Hill, Brad <bhill@paypal.com>
- Date: Tue, 3 Dec 2013 01:27:23 +0000
- To: "Oda, Terri" <terri.oda@intel.com>
- CC: Anne van Kesteren <annevk@annevk.nl>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

It does also encompass (currently) the frame-options directive, which governs under what embedding circumstances the user agent should deliver (output?) a UI at all.

On Dec 2, 2013, at 4:35 PM, Oda, Terri <terri.oda@intel.com> wrote:

> Is UISecurity really the best name for this? The focus seems to be on
> input protection, but typically a UI is considered both input and
> output, but unless I'm mis-reading it, this doesn't seem to do much
> output protection (although I suppose there would be potential for
> layout protection/enforcement based on the heuristics described, it
> doesn't appear that such protections are the goal). Maybe the title
> of this document should be something a bit more precise such as "input
> security" or "clickjacking mitigation" to make the purpose of these
> directives more clear to new readers?

Received on Thursday, 5 December 2013 21:53:20 UTC