W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] Clickjacking and CSRF

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Wed, 15 Jul 2009 21:48:41 -0400
Message-ID: <7c2a12e20907151848v6f8b232dka609979bccf37a29@mail.gmail.com>
On Wed, Jul 15, 2009 at 9:24 PM, Jonas Sicking<jonas at sicking.cc> wrote:
> Note that Content Security Policies[1] can be used to deal with
> clickjacking. So far we've gotten a lot of positive feedback to CSP
> and are in progress of implementing it in firefox. So it's a possible
> solution to this.

Is Mozilla planning to run CSP through a usual standards body like the
W3C, either before or after implementation?  If you plan to
standardize it after implementation, why not before instead?  CSP
looks really exciting, but I'm not clear on whether or when it will be
standardized -- I've heard talk of implementing it, but not of
standardizing it.
Received on Wednesday, 15 July 2009 18:48:41 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC