[webappsec] new UISecurity draft, based on IronFrame and IntersectionObserver

I've finally got a new UISecurity draft based on the Observer API pattern
up in its own repository and available for review!

http://w3c.github.io/webappsec-uisecurity/
https://github.com/w3c/webappsec-uisecurity

The updated spec takes the core idea of Kaminsky's IronFrame and puts it in
an API context that looks very similar to IntersectionObserver.  Some key
differences are described in a note in the introduction section.  This spec
also introduces a declarative API through a Content Security Policy
directive, implemented in terms of the observer internals.
IntersectionObserver is a great concept and API, but I think it meets
primarily advertising use cases, and doesn't really solve many common
clickjacking attacks.

Feedback would be *greatly* appreciated.

-Brad Hill (as editor)

Received on Thursday, 3 December 2015 23:38:11 UTC