[whatwg] Prevent a document from being manipulated by a "top" document

Dennis Joachimsthaler dennis at efjot.de
Tue Aug 2 03:33:18 PDT 2011

Hello Anne,

I took a look at the X-Frame-Options and it only disallows displaying
in a frame, not forbidding only script access.

Also this is another case of a HTTP header that would also find a good
place in the HTML itself, like with the Content-Disposition attribute
I suggested (and now got standardized).

Am 02.08.2011, 12:30 Uhr, schrieb Anne van Kesteren <annevk at opera.com>:

> On Tue, 02 Aug 2011 12:21:31 +0200, Dennis Joachimsthaler  
> <dennis at efjot.de> wrote:
>> [...]
> The X-Frame-Options header addresses this if I understand the concern  
> correctly.

More information about the whatwg mailing list