Re: [whatwg] script features

2010-08-17 Thread Giorgio Maone
They would be great additions, thanks. 2. scriptwillexecute/scriptdidexecute events Notice that Opera has a richer set of events of this kind (exposed to privileged User Scripts, though, AFAIK), allowing for much more control over the executing scripts, no matter if from script elements,

Re: [whatwg] img as a layout tool to describe the displayed region of a CSS background-image

2010-04-28 Thread Giorgio Maone
I believe the spec is trying to stigmatize old-time spacer images used to lay out other HTML elements, like <img src=spacer.gif width=100 height=1> which are overly ugly and meaningless now that there's nothing you can't lay out by CSS. -- G Ingo Chao wrote, On 28/04/2010 13.31:

Re: [whatwg] fyi: Strict Transport Security specification

2009-09-20 Thread Giorgio Maone
). I'm chatting with their security staff right now, and they're enthusiastic about this development (especially of WebKit support). Cheers -- Giorgio Maone http://hackademix.net http://noscript.net =JeffH wrote, On 20/09/2009 1.59: Of possible interest to public-html@ whatwg@ denizens... [apologies

Re: [whatwg] cross-domain scrollIntoView on frames and iframes

2009-04-05 Thread Giorgio Maone
. -- Giorgio Maone

Re: [whatwg] Clickjacking and CSRF

2009-02-23 Thread Giorgio Maone
On Fri, 20 Feb 2009 19:36:47 +0100, Bil Corry b...@corry.biz wrote: Sigbjørn Vik wrote on 2/20/2009 8:46 AM: One proposed way of doing this would be a single header, of the form: x-cross-domain-options: deny=frame,post,auth; AllowSameOrigin; allow=*.opera.com,example.net; This incorporates the

Re: [whatwg] Clickjacking and CSRF

2009-02-20 Thread Giorgio Maone
Sigbjørn Vik wrote, On 20/02/2009 15.46: There is currently little protection against clickjacking, the x-frame-options is the first attempt. Nope, it's the second and weakest: http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/ http://noscript.net/faq#clearclick -- Giorgio

Re: [whatwg] Dealing with UI redress vulnerabilities inherent to the current web

2009-02-18 Thread Giorgio Maone
Ian Hickson wrote, On 18/02/2009 12.43: 3) Add an on-by-default mechanism that prevents UI actions to be taken when a document tries to obstruct portions of a non-same-origin frame. By carefully designing the mechanism, we can prevent legitimate uses (such as dynamic menus that overlap

Re: [whatwg] Dealing with UI redress vulnerabilities inherent to the current web

2009-02-18 Thread Giorgio Maone
Bil Corry wrote, On 18/02/2009 21.31: Boris Zbarsky wrote on 2/18/2009 9:27 AM: And really no different from: <script> if (window != window.top) window.top.location.href = window.location.href; </script> in effect, right? This last already works in all browsers except IE, which