[whatwg] Clickjacking and CSRF

Aryeh Gregor Simetrical+w3c at gmail.com
Wed Jul 15 18:48:41 PDT 2009

On Wed, Jul 15, 2009 at 9:24 PM, Jonas Sicking<jonas at sicking.cc> wrote:
> Note that Content Security Policies[1] can be used to deal with
> clickjacking. So far we've gotten a lot of positive feedback to CSP
> and are in progress of implementing it in firefox. So it's a possible
> solution to this.

Is Mozilla planning to run CSP through a usual standards body like the
W3C, either before or after implementation?  If you plan to
standardize it after implementation, why not before instead?  CSP
looks really exciting, but I'm not clear on whether or when it will be
standardized -- I've heard talk of implementing it, but not of
standardizing it.

More information about the whatwg mailing list