[whatwg] Clickjacking and CSRF
Ian Hickson
ian at hixie.ch
Wed Jul 15 17:26:19 PDT 2009
There have been a number of discussions about clickjacking,
X-Frame-Options, and other proposals.

Nobody I've spoken to seems especially happy with X-Frame-Options, and
none of the other proposals have yet gotten serious traction.

I have therefore not added anything of this nature to the HTML5 spec yet.

I propose that from a standardisation perspective, we continue to wait to
get more implementation experience and document the end result once we
are more confident that a long-term solution has been found.

I recommend that people interested in this field work with browser vendors
to get experimental implementations of their proposals, so that we can
study their effects on Web content.

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'