W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] Clickjacking and CSRF

From: Jeremy Orlow <jorlow@chromium.org>
Date: Wed, 15 Jul 2009 18:53:46 -0700
Message-ID: <5dd9e5c50907151853p5693048bhb040b32ec154e770@mail.gmail.com>
On Wed, Jul 15, 2009 at 6:48 PM, Aryeh Gregor
<Simetrical+w3c at gmail.com<Simetrical%2Bw3c at gmail.com>
> wrote:

> On Wed, Jul 15, 2009 at 9:24 PM, Jonas Sicking<jonas at sicking.cc> wrote:
> > Note that Content Security Policies[1] can be used to deal with
> > clickjacking. So far we've gotten a lot of positive feedback to CSP
> > and are in progress of implementing it in firefox. So it's a possible
> > solution to this.
>
> Is Mozilla planning to run CSP through a usual standards body like the
> W3C, either before or after implementation?  If you plan to
> standardize it after implementation, why not before instead?  CSP
> looks really exciting, but I'm not clear on whether or when it will be
> standardized -- I've heard talk of implementing it, but not of
> standardizing it.
>

Didn't Ian, 2 messages back, suggest that vendors experiment and bring their
results back to the table at a later date?  Or has CSP never been discussed
here?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090715/adfa14c3/attachment.htm>
Received on Wednesday, 15 July 2009 18:53:46 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC