[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

On Sat, 27 Sep 2008, Anne van Kesteren wrote:

> Could you list these comprehensive designs perhaps?

I mean, proposals to make it possible for sites to opt in for explicitly 
controlling various cross-domain interactions now permitted by default 
(which includes including scripts, making POST requests, IFRAMEing 
content, etc)... Say:

   http://people.mozilla.org/~bsterne/content-security-policy/

...(which I do not like for a number of reasons, but that's a separate 
thread), or proposals from OpenAjax, etc; I also seem to recall seeing 
something along these lines proposed by Microsoft. Many of these 
essentially extend the basic mechanisms proposed for cross-domain 
XMLHttpRequest.

/mz

Received on Saturday, 27 September 2008 05:48:56 UTC