W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Re: [UI Security] iframe URL indicator

From: Brad Hill <hillbrad@gmail.com>
Date: Mon, 22 Feb 2016 04:59:09 +0000
Message-ID: <CAEeYn8iXw2oUa0idKUf5RPyovXJPB7zt9wOawzV8MSKvCeDx4A@mail.gmail.com>
To: Bil Corry <bil@corry.biz>, public-webappsec@w3.org
These kinds of decisions have proven in practice to be beyond the ability
of groups like ours to specify well.  Our intuituons about users'
understandings are not as good as data, may not be universal, or may need
different treatment on different devices and experiences.  With my editor
hat on, I'm inclined to leave this to each UA to experiment with and
determine what is best for their userbase.

-Brad

On Sat, Feb 13, 2016, 5:21 AM Bil Corry <bil@corry.biz> wrote:

> Hi,
>
> i was reviewing the UI Security draft [1] and wondered if there were plans
> to incorporate IronFrame's URL indicator for the iframe domain [2].  That
> is to say, will a user be able to see the URL of the iframe that is in
> focus?
>
> Thanks,
>
> - Bil
>
>
> [1] http://w3c.github.io/webappsec-uisecurity/
>
> [2] Slide 72:
> http://dankaminsky.com/2015/08/09/defcon-23-lets-end-clickjacking/
>
Received on Monday, 22 February 2016 04:59:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC