W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] Clickjacking and CSRF

From: Charles McCathieNevile <chaals@opera.com>
Date: Thu, 16 Jul 2009 13:33:42 +0200
Message-ID: <op.uw5rqgr1wxe0ny@widsith.local>
On Thu, 16 Jul 2009 03:48:41 +0200, Aryeh Gregor  
<Simetrical+w3c at gmail.com> wrote:

> On Wed, Jul 15, 2009 at 9:24 PM, Jonas Sicking<jonas at sicking.cc> wrote:
>> Note that Content Security Policies[1] can be used to deal with
>> clickjacking. So far we've gotten a lot of positive feedback to CSP
>> and are in progress of implementing it in firefox. So it's a possible
>> solution to this.
>
> Is Mozilla planning to run CSP through a usual standards body like the
> W3C, either before or after implementation?  If you plan to
> standardize it after implementation, why not before instead?  CSP
> looks really exciting, but I'm not clear on whether or when it will be
> standardized -- I've heard talk of implementing it, but not of
> standardizing it.

Opera has been actively following up this problem with various browser  
vendors (in particular) in the hopes of at least getting us all together  
in a useful forum. If you're curious, Sigbj?rn is our lead for this effort.

cheers

Chaals

-- 
Charles McCathieNevile  Opera Software, Standards Group
     je parle fran?ais -- hablo espa?ol -- jeg l?rer norsk
http://my.opera.com/chaals       Try Opera: http://www.opera.com
Received on Thursday, 16 July 2009 04:33:42 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC