<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!-- Generated from data/head.php, ../../smarty/{head.tpl} -->
<head>
<title>Security for Web Applications - W3C</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- Every stylesheet, icon and help link in this head is root-relative and there is no base element, so each one is fetched from the same host and scheme as the page itself. -->
<link rel="Help" href="/Help/" />
<!-- Baseline stylesheet, applied to all media. -->
<link rel="stylesheet" href="/2008/site/css/minimum" type="text/css" media="handheld, all" />
<!-- Advanced stylesheet, imported only for print and for screens at least 481px wide. -->
<style type="text/css" media="print, screen and (min-width: 481px)">
/*<![CDATA[*/
@import url("/2008/site/css/advanced");
/*]]>*/
</style>
<!-- The baseline stylesheet is linked a second time for handheld devices and screens up to 480px wide; the order of these entries decides the cascade, so keep it. -->
<link href="/2008/site/css/minimum" rel="stylesheet" type="text/css" media="handheld, only screen and (max-device-width: 480px)" />
<meta name="viewport" content="width=device-width" />
<!-- Print stylesheet, loaded last. -->
<link rel="stylesheet" href="/2008/site/css/print" type="text/css" media="print" />
<link rel="shortcut icon" href="/2008/site/images/favicon.ico" type="image/x-icon" />
</head>
<body id="www-w3-org" class="w3c_public">
<div id="w3c_container">
<!-- Generated from data/mast.php, ../../smarty/{mast.tpl} -->
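<div id="w3c_mast"><!-- #w3c_mast / Page top header -->
  <!-- Logo link back to the site root. The tabindex values 2 and 3 in this header
       follow the skip link, which carries tabindex 1 in the breadcrumbs. -->
  <h1 class="logo"><a tabindex="2" accesskey="1" href="/"><img src="/2008/site/images/logo-w3c-mobile-lg" width="90" height="53" alt="W3C" /></a> <span class="alt-logo">W3C</span></h1>
  <div id="w3c_nav">
    <!-- Site search form. The action is an absolute https URL so that the query
         string carrying the search terms is not sent in cleartext, whichever
         scheme this page was loaded over. -->
    <form action="https://www.w3.org/Help/search" method="get" enctype="application/x-www-form-urlencoded">
      <!-- w3c_sec_nav is populated through js -->
      <div class="w3c_sec_nav"><!-- --></div>
      <ul class="main_nav"><!-- Main navigation menu -->
        <li class="first-item"><a href="/standards/">Standards</a></li>
        <li><a href="/participate/">Participate</a></li>
        <li><a href="/Consortium/membership">Membership</a></li>
        <li class="last-item"><a href="/Consortium/">About W3C</a></li>
        <li class="search-item">
          <!-- The title attribute is the only label on the search field. -->
          <div id="search-form"><input tabindex="3" class="text" name="q" value="" title="Search" /> <button id="search-submit" name="search-submit" type="submit"><img class="submit" src="/2008/site/images/search-button" alt="Search" width="21" height="17" /></button></div>
        </li>
      </ul>
    </form>
  </div>
</div>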
<!-- /end #w3c_mast -->
<div id="w3c_main">
<div id="w3c_logo_shadow" class="w3c_leftCol"><img width="100%" height="32" alt="" src="/2008/site/images/logo-shadow" /></div>
<div class="w3c_leftCol"><h2 class="offscreen">Site Navigation</h2>
<br /></div>
<div class="w3c_mainCol">
<!-- Generated from data/crumbs.php, ../../smarty/{crumbs.tpl} -->
<div id="w3c_crumbs">
  <div id="w3c_crumbs_frame">
    <!-- .bct / Breadcrumbs: the skip link comes first, then the path from the
         W3C home page down to this listing. All targets are root-relative or
         in-page, so they stay on the host that served the page. -->
    <ul class="bct">
      <li class="skip"><a href="#w3c_content_body" title="Skip to content (e.g., when browsing via audio)" accesskey="2" tabindex="1">Skip</a></li>
      <li><a href="/">W3C</a> <span class="cr">»</span> </li>
      <li><a href="/standards/">Standards</a> <span class="cr">»</span> </li>
      <li><a href="/TR/">All Standards and Drafts</a> <span class="cr">»</span> </li>
      <li class="current">Security for Web Applications</li>
    </ul>
  </div>
</div>
<h1 class="title">Security for Web Applications</h1>
<div class="w3c_toc"><!-- --></div>
<div id="w3c_content_body"><div id="w3c_generated_status">
<p id="w3c_toggle_include" class="default_open intro tPadding">This page summarizes the relationships among specifications, whether they are finished standards or drafts. Below, each title
links to the most recent version of a document.
</p>
<h2 id="drafts">Drafts</h2>
<p>The documents listed below are drafts of the following type:
<a href="/2005/10/Process-20051014/tr.html#RecsWD">other Working Drafts</a>.
Some of these may become Web Standards through the <a href="/Consortium/Process/tr#rec-advance">W3C Recommendation Track
process</a>. Others may be published as Group Notes or
become obsolete specifications.</p>
<h3 id="wd">Other Working Drafts</h3>
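<div class="data lMargin rMargin">
  <!-- Summary table: one row per draft. The left cell holds the publication
       date and links to the publication history; the right cell holds the
       title and the abstract. Title links point at dated Working Draft
       snapshots and use https so the specification text cannot be altered in
       transit. As the paragraph above the table says, drafts may still become
       Group Notes or obsolete specifications, so check the publication
       history for a newer version before relying on one. -->
  <table class="w3c_spec_summary_table">
    <tbody>
      <tr>
        <td class="table_datecol">
          <a href="../history/CSP" title="Content Security Policy publication history">2011-11-29</a>
        </td>
        <td>
          <h4 class="w3c_status_title">
            <a title="status is WD" href="https://www.w3.org/TR/2011/WD-CSP-20111129/">Content Security Policy</a>
          </h4>
          <div class="expand_description">
            <p>Content Security Policy is a mechanism web applications can use to
            mitigate the broad class of content injection vulnerabilities, such as
            cross-site scripting (XSS). Content Security Policy is a declarative policy
            that lets the authors (or server administrators) of a web application
            restrict from where the application can load resources.</p>
          </div>
        </td>
      </tr>
      <tr>
        <td>
          <a href="../history/from-origin" title="The From-Origin Header publication history">2011-07-21</a>
        </td>
        <td>
          <h4 class="w3c_status_title">
            <a title="status is WD" href="https://www.w3.org/TR/2011/WD-from-origin-20110721/">The From-Origin Header</a>
          </h4>
          <div class="expand_description">
            <p>
            This specification defines the From-Origin response header - a way for resources to declare they are unavailable within an embedding context.
            </p>
          </div>
        </td>
      </tr>
      <tr>
        <td>
          <a href="../history/cors" title="Cross-Origin Resource Sharing publication history">2010-07-27</a>
        </td>
        <td>
          <h4 class="w3c_status_title">
            <a title="status is WD" href="https://www.w3.org/TR/2010/WD-cors-20100727/">Cross-Origin Resource Sharing</a>
          </h4>
          <div class="expand_description">
            <p>This document defines a mechanism to enable client-side cross-origin requests.</p>
          </div>
        </td>
      </tr>
      <tr class="lastRow">
        <td>
          <a href="../history/UMP" title="Uniform Messaging Policy, Level One publication history">2010-01-26</a>
        </td>
        <td>
          <h4 class="w3c_status_title">
            <a title="status is WD" href="https://www.w3.org/TR/2010/WD-UMP-20100126/">Uniform Messaging Policy, Level One</a>
          </h4>
          <div class="expand_description">
            <p>The Uniform Messaging Policy (UMP) enables cross-site messaging that avoids Cross-Site-Request-Forgery and similar attacks that abuse HTTP cookies and other credentials.</p>
          </div>
        </td>
      </tr>
    </tbody>
  </table>
</div>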
</div></div>
</div>
</div>
</div>
<!-- Generated from data/footer.php, ../../smarty/{footer-block.tpl} -->
<div id="w3c_footer">
  <div id="w3c_footer-inner">
    <h2 class="offscreen">Footer Navigation</h2>

    <!-- Column 1: the same top-level sections as the main navigation menu. -->
    <div class="w3c_footer-nav">
      <h3>Navigation</h3>
      <ul class="footer_top_nav">
        <li><a href="/">Home</a></li>
        <li><a href="/standards/">Standards</a></li>
        <li><a href="/participate/">Participate</a></li>
        <li><a href="/Consortium/membership">Membership</a></li>
        <li class="last-item"><a href="/Consortium/">About W3C</a></li>
      </ul>
    </div>

    <!-- Column 2: contact and help links, plus the feedback address.
         NOTE(review): the external links in this footer (mailing list archive,
         Twitter, Identica, MIT, ERCIM, Keio) use http: URLs; moving each one to
         https needs a check that the host serves it. -->
    <div class="w3c_footer-nav">
      <h3>Contact W3C</h3>
      <ul class="footer_bottom_nav">
        <li><a href="/Consortium/contact">Contact</a></li>
        <li><a href="/Help/" accesskey="0">Help and FAQ</a></li>
        <li><a href="/Consortium/sponsor/">Sponsor / Donate</a></li>
        <li><a href="/Consortium/siteindex">Site Map</a></li>
        <li>
          <address id="w3c_signature"><a href="mailto:site-comments@w3.org">Feedback</a> (<a href="http://lists.w3.org/Archives/Public/site-comments/">archive</a>)</address>
        </li>
      </ul>
    </div>

    <!-- Column 3: social media accounts, shown as icon links. -->
    <div class="w3c_footer-nav">
      <h3>W3C Updates</h3>
      <ul class="footer_follow_nav">
        <li>
          <a href="http://twitter.com/W3C" title="Follow W3C on Twitter"><img class="social-icon" src="/2008/site/images/twitter-bird" alt="Twitter" width="78" height="83" /></a>
          <a href="http://identi.ca/w3c" title="See W3C on Identica"><img class="social-icon" src="/2008/site/images/identica-logo" alt="Identica" width="91" height="83" /></a>
        </li>
      </ul>
    </div>

    <!-- #footer address / page signature -->
    <p class="copyright">Copyright © 2012 W3C <sup>®</sup>
      (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>,
      <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
      <a href="http://www.keio.ac.jp/">Keio</a>)
      <a href="/Consortium/Legal/ipr-notice">Usage policies apply</a>.</p>
  </div>
</div>
<!-- /end #footer -->
<!-- Generated from data/scripts.php, ../../smarty/{scripts.tpl} -->
<!-- Site script, loaded from a root-relative URL, so from the same host and scheme as the page. The element body holds only comment markers and no code. NOTE(review): presumably this is the script that fills the w3c_sec_nav placeholder in the header; confirm against the script itself. -->
<div id="w3c_scripts"><script type="text/javascript" src="/2008/site/js/main">
//<![CDATA[
<!-- -->
//]]>
</script></div>
</body>
</html>