W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: [websec] Last Call Announcement: UI Security at W3C WebAppSec WG

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Mon, 24 Mar 2014 18:44:02 +0200
Cc: "websec@ietf.org" <websec@ietf.org>
Message-Id: <C00B9DF1-5745-4547-AF94-03332BED3F3A@gmail.com>
To: "Hill, Brad" <bhill@paypal.com>, public-webappsec@w3.org
Hi, Brad

Thanks for sending this, and I will review this more carefully soon, but one thing that I noticed with a cursory look is that sections 4-7 were probably meant to be sub-sections of section 3.


On Mar 21, 2014, at 9:45 PM, Hill, Brad <bhill@paypal.com> wrote:

> WebSec WG members,
>  The WebAppSec WG at the W3C has recently announced a Last Call Working Draft of "User Interface Directives for Content Security Policy".
> http://www.w3.org/TR/UISecurity/
>  This specification describes a set of policy statements and screen-shot comparison heuristics that web resource authors and user agents may use to protect embedded or framed resources from "clickjacking" attacks.  The "frame-options" directive, an evolution of the "X-Frame-Options" header, was briefly part of this spec, although now it has been moved to the mainstream CSP 1.1 specification as "frame-ancestors".
> The WG would appreciate review and comments.  The last call period ends 18-June-2014, and comments can be submitted to:
>   public-webappsec@w3.org
> Thank you,
> Brad Hill
> Co-chair, WebAppSec WG
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec
Received on Tuesday, 25 March 2014 10:34:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC