- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Mon, 24 Mar 2014 18:44:02 +0200
- To: "Hill, Brad" <bhill@paypal.com>, public-webappsec@w3.org
- Cc: "websec@ietf.org" <websec@ietf.org>
Hi, Brad

Thanks for sending this, and I will review this more carefully soon, but one thing that I noticed with a cursory look is that sections 4-7 were probably meant to be sub-sections of section 3.

Yoav

On Mar 21, 2014, at 9:45 PM, Hill, Brad <bhill@paypal.com> wrote:

> WebSec WG members,
>
> The WebAppSec WG at the W3C has recently announced a Last Call Working Draft of "User Interface Directives for Content Security Policy".
>
> http://www.w3.org/TR/UISecurity/
>
> This specification describes a set of policy statements and screen-shot comparison heuristics that web resource authors and user agents may use to protect embedded or framed resources from "clickjacking" attacks. The "frame-options" directive, an evolution of the "X-Frame-Options" header, was briefly part of this spec, although now it has been moved to the mainstream CSP 1.1 specification as "frame-ancestors".
>
> The WG would appreciate review and comments. The last call period ends 18-June-2014, and comments can be submitted to:
>
> public-webappsec@w3.org
>
> Thank you,
>
> Brad Hill
> Co-chair, WebAppSec WG
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec

Received on Tuesday, 25 March 2014 10:34:07 UTC