[whatwg] Prevent a document from being manipulated by a "top" document from Dennis Joachimsthaler on 2011-08-02 (public-whatwg-archive@w3.org from August 2011)

From: Dennis Joachimsthaler <dennis@efjot.de>
Date: Tue, 02 Aug 2011 12:33:18 +0200
Message-ID: <op.vzk0xsbn48yz2f@dennis-work.fritz.box>

Hello Anne,

I took a look at the X-Frame-Options and it only disallows displaying
in a frame, not forbidding only script access.

Also this is another case of a HTTP header that would also find a good
place in the HTML itself, like with the Content-Disposition attribute
I suggested (and now got standardized).

Am 02.08.2011, 12:30 Uhr, schrieb Anne van Kesteren <annevk at opera.com>:

> On Tue, 02 Aug 2011 12:21:31 +0200, Dennis Joachimsthaler  
> <dennis at efjot.de> wrote:
>> [...]
>
> The X-Frame-Options header addresses this if I understand the concern  
> correctly.
>

Received on Tuesday, 2 August 2011 03:33:18 UTC