Hi, Brad Thanks for sending this, and I will review this more carefully soon, but one thing that I noticed with a cursory look is that sections 4-7 were probably meant to be sub-sections of section 3.
Yoav On Mar 21, 2014, at 9:45 PM, Hill, Brad <[email protected]> wrote: > WebSec WG members, > > The WebAppSec WG at the W3C has recently announced a Last Call Working Draft > of "User Interface Directives for Content Security Policy". > > http://www.w3.org/TR/UISecurity/ > > This specification describes a set of policy statements and screen-shot > comparison heuristics that web resource authors and user agents may use to > protect embedded or framed resources from "clickjacking" attacks. The > "frame-options" directive, an evolution of the "X-Frame-Options" header, was > briefly part of this spec, although now it has been moved to the mainstream > CSP 1.1 specification as "frame-ancestors". > > The WG would appreciate review and comments. The last call period ends > 18-June-2014, and comments can be submitted to: > > [email protected] > > Thank you, > > Brad Hill > Co-chair, WebAppSec WG > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
