Indeed. Really, the bottom line here is that things such as NoScript work we'll for us geeks, who know how to deal with the failures and exceptions, but they are horrid user experiences for people like my mother.
Barry On Saturday, August 17, 2013, Tobias Gondrom wrote: > On 14/08/13 23:48, Stephen Farrell wrote: > > Stephen Farrell has entered the following ballot position for > > draft-ietf-websec-x-frame-options-09: Yes > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > http://datatracker.ietf.org/doc/draft-ietf-websec-x-frame-options/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > > > (Personal opinion only, no change requested unless it > > resonates with folks.) I would prefer that this not say > > that NoScript impairs broswer utility. I find it fine. > > > > Other than that, this is a fine draft, thanks. > > > > Stephen, > personally, I use NoScript, too. > > But, looking at todays web applications JavaScript and frames are widely > spread and many web applications would indeed be very impaired if you > disable JavaScript and frames in your browser entirely. > Some years ago people tried to discourage JavaScript for security > sensitive applications (read "most of the web applications") and to > disable JavaScript in the browser, but meanwhile we moved past that > point and try to fix the security/trust models for JavaScript using CSP > - which I hope gives us another chance to fix large parts of it). > JavaScript functions are quite common nowadays in airline booking > systems, banking, corporate websites, etc. Be it for design, client side > input validation or other interactive functionality up to editing > capabilities. > > Best regards, Tobias > > > > >
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
