[whatwg] Prevent a document from being manipulated by a "top" document
Dennis Joachimsthaler
dennis at efjot.de
Tue Aug 2 03:33:18 PDT 2011
Hello Anne,
I took a look at the X-Frame-Options and it only disallows displaying
in a frame, not forbidding only script access.
Also this is another case of a HTTP header that would also find a good
place in the HTML itself, like with the Content-Disposition attribute
I suggested (and now got standardized).
Am 02.08.2011, 12:30 Uhr, schrieb Anne van Kesteren <annevk at opera.com>:
> On Tue, 02 Aug 2011 12:21:31 +0200, Dennis Joachimsthaler
> <dennis at efjot.de> wrote:
>> [...]
>
> The X-Frame-Options header addresses this if I understand the concern
> correctly.
>
More information about the whatwg
mailing list