[whatwg] Clickjacking and CSRF

On Wed, Jul 15, 2009 at 9:24 PM, Jonas Sicking<jonas at sicking.cc> wrote:
> Note that Content Security Policies[1] can be used to deal with
> clickjacking. So far we've gotten a lot of positive feedback to CSP
> and are in progress of implementing it in firefox. So it's a possible
> solution to this.

Is Mozilla planning to run CSP through a usual standards body like the
W3C, either before or after implementation?  If you plan to
standardize it after implementation, why not before instead?  CSP
looks really exciting, but I'm not clear on whether or when it will be
standardized -- I've heard talk of implementing it, but not of
standardizing it.

Received on Wednesday, 15 July 2009 18:48:41 UTC