W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2015

Re: [powerful-features] Framing

From: Mike West <mkwst@google.com>
Date: Thu, 15 Oct 2015 13:30:16 +0200
Message-ID: <CAKXHy=cOCJs72eBf8s4uDUhjetfUO-HCojarH5DQTJjt5zB-NA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Richard Barnes <rbarnes@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Oct 15, 2015 at 12:00 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Thu, Oct 15, 2015 at 9:09 AM, Mike West <mkwst@google.com> wrote:
>> Would that really provide any value above and beyond `frame-ancestors https:`?
>
> It would for various URL schemes that are not entirely unrealistic in
> an ancestor chain, e.g., about:blank, about:srcdoc, data:....

Interesting. *shrug* I guess we could add something for those, but I'm
still not really convinced that there's substantial value. Filed
https://github.com/w3c/webappsec-csp/issues/23 so it doesn't get lost.

-mike
Received on Thursday, 15 October 2015 11:31:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:52 UTC