[webappsec] new draft of UI Security available

A new Editors' Draft of UI Security is now available at:


This version changes the spec name from "UI Safety" to "UI Security", resolves most of the previously noted issues and TODOs in the FPWD, cleans up example language and markup, fills-in missing references, and addresses comments to the list, including recent review by David Ross.  It changes the ABNF of frame-options to allow multiple values for host-source, while discouraging this in non-normative discussion.

A complete diff with the FPWD can be viewed at:


I think we're getting pretty close on this one, actually.  I'd like to discuss publishing this as a new Working Draft on the next call, so detailed review is appreciated.


Brad Hill

Received on Tuesday, 5 March 2013 05:32:29 UTC