Re: [websec] Last Call Announcement: UI Security at W3C WebAppSec WG

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Mon, 24 Mar 2014 18:44:02 +0200
Cc: "websec@ietf.org" <websec@ietf.org>
Message-Id: <C00B9DF1-5745-4547-AF94-03332BED3F3A@gmail.com>
To: "Hill, Brad" <bhill@paypal.com>, public-webappsec@w3.org

Hi, Brad

Thanks for sending this, and I will review this more carefully soon, but one thing that I noticed with a cursory look is that sections 4-7 were probably meant to be sub-sections of section 3.

Yoav

On Mar 21, 2014, at 9:45 PM, Hill, Brad <bhill@paypal.com> wrote:

> WebSec WG members,
> 
>  The WebAppSec WG at the W3C has recently announced a Last Call Working Draft of "User Interface Directives for Content Security Policy".
> 
> http://www.w3.org/TR/UISecurity/
> 
>  This specification describes a set of policy statements and screen-shot comparison heuristics that web resource authors and user agents may use to protect embedded or framed resources from "clickjacking" attacks.  The "frame-options" directive, an evolution of the "X-Frame-Options" header, was briefly part of this spec, although now it has been moved to the mainstream CSP 1.1 specification as "frame-ancestors".
> 
> The WG would appreciate review and comments.  The last call period ends 18-June-2014, and comments can be submitted to:
> 
>   public-webappsec@w3.org
> 
> Thank you,
> 
> Brad Hill
> Co-chair, WebAppSec WG
Received on Tuesday, 25 March 2014 10:34:07 UTC
