- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Wed, 12 Nov 2008 17:02:02 +1300
On Wed, Nov 12, 2008 at 4:22 PM, Tim Starling <tstarling at wikimedia.org>wrote: > JavaScript already has measures along the lines of (2), in the context > of frames. The information a script can obtain about a frame from a > different origin is carefully restricted. I think that a similar > solution would be best. It has the advantage of consistency and proven > security. > I would say it has a history of proven *insecurity*. Look at clickjacking for example. Anyway, having discussed this with Hixie and Maciej and others a bit on #whatwg, things seem to be leaning towards option 2. Rob -- "He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6] -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081112/32e9ef54/attachment.htm>
Received on Tuesday, 11 November 2008 20:02:02 UTC