
[whatwg] Clickjacking and CSRF

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 16 Jul 2009 00:26:19 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0907160019250.23663@hixie.dreamhostps.com>

There have been a number of discussions about clickjacking, 
X-Frame-Options, and other proposals.

Nobody I've spoken to seems especially happy with X-Frame-Options, and 
none of the other proposals have yet gotten serious traction.

I have therefore not added anything of this nature to the HTML5 spec yet. 
I propose that from a standardisation perspective, we continue to wait to 
get more implementation experience and document the end result once we 
are more confident that a long-term solution has been found.

I recommend that people interested in this field work with browser vendors 
to get experimental implementations of their proposals, so that we can 
study their effects on Web content.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 15 July 2009 17:26:19 UTC
