- From: Jim Manico <jim.manico@owasp.org>
- Date: Mon, 2 Feb 2015 07:58:20 -0800
- To: Mike West <mkwst@google.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, WebAppSec WG <public-webappsec@w3.org>, Ryan Sleevi <sleevi@google.com>, Adam Langley <agl@google.com>
> The only way to support clients that don't support the thing we haven't implemented yet would be to alter the links at the source. You can always have JavaScript do this for you... Take Clickjacking defense: Just like X-Frame-Options issues with legacy clients, there are pure Js framebusting solutions that are rameasonable. -- Jim Manico @Manicode (808) 652-3805 > On Feb 2, 2015, at 7:50 AM, Mike West <mkwst@google.com> wrote: > > The only way to support clients that don't support the thing we haven't implemented yet would be to alter the links at the source.
Received on Monday, 2 February 2015 15:58:49 UTC