<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!-- Generated from data/head.php, ../../smarty/{head.tpl} -->
<head>
<!-- Document metadata. Every stylesheet and the favicon are referenced by site-relative paths, so they are fetched from the same origin and scheme that serves this page. -->
<title>Security for Web Applications - W3C</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="Help" href="/Help/" />
<!-- Baseline stylesheet, declared for handheld and all other media. -->
<link rel="stylesheet" href="/2008/site/css/minimum" type="text/css" media="handheld, all" />
<!-- Richer stylesheet, imported only for print and for screens at least 481px wide. The CDATA section markers are hidden inside CSS comments. -->
<style type="text/css" media="print, screen and (min-width: 481px)">
/*<![CDATA[*/
@import url("/2008/site/css/advanced");
/*]]>*/
</style>
<!-- Baseline stylesheet again, this time scoped to handheld devices and screens up to 480px device width. -->
<link href="/2008/site/css/minimum" rel="stylesheet" type="text/css" media="handheld, only screen and (max-device-width: 480px)" />
<meta name="viewport" content="width=device-width" />
<link rel="stylesheet" href="/2008/site/css/print" type="text/css" media="print" />
<link rel="shortcut icon" href="/2008/site/images/favicon.ico" type="image/x-icon" />
</head>
<body id="www-w3-org" class="w3c_public">
<div id="w3c_container">
<!-- Generated from data/mast.php, ../../smarty/{mast.tpl} -->
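<div id="w3c_mast"><!-- #w3c_mast / Page top header: logo, primary navigation and site search -->
<!-- The logo link (tabindex 2) and the search field (tabindex 3) follow the breadcrumb skip link (tabindex 1) in keyboard order. -->
<h1 class="logo"><a tabindex="2" accesskey="1" href="/"><img src="/2008/site/images/logo-w3c-mobile-lg" width="90" height="53" alt="W3C" /></a> <span class="alt-logo">W3C</span></h1>
<div id="w3c_nav">
<!-- Site search. The query travels as the GET parameter q, so it appears in the request URL. The action uses https so that the search terms are not readable or modifiable on the network path, and so that a page served over HTTPS does not submit to an insecure target. -->
<form action="https://www.w3.org/Help/search" method="get" enctype="application/x-www-form-urlencoded">
<!-- w3c_sec_nav is populated through js -->
<div class="w3c_sec_nav"><!-- --></div>
<ul class="main_nav"><!-- Main navigation menu -->
<li class="first-item"><a href="/standards/">Standards</a></li>
<li><a href="/participate/">Participate</a></li>
<li><a href="/Consortium/membership">Membership</a></li>
<li class="last-item"><a href="/Consortium/">About W3C</a></li>
<li class="search-item">
<!-- The input type is stated explicitly; the title attribute is the field's only accessible name. -->
<div id="search-form"><input tabindex="3" class="text" type="text" name="q" value="" title="Search" /> <button id="search-submit" name="search-submit" type="submit"><img class="submit" src="/2008/site/images/search-button" alt="Search" width="21" height="17" /></button></div>
</li>
</ul>
</form>
</div>
</div>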
<!-- /end #w3c_mast -->
<div id="w3c_main">
<!-- Shadow image under the logo; its alt text is empty, so it contributes no text alternative. -->
<div id="w3c_logo_shadow" class="w3c_leftCol"><img width="100%" height="32" alt="" src="/2008/site/images/logo-shadow" /></div>
<!-- Left column: on this page it holds only a heading with the offscreen class and a line break. -->
<div class="w3c_leftCol"><h2 class="offscreen">Site Navigation</h2>
<br /></div>
<div class="w3c_mainCol">
<!-- Generated from data/crumbs.php, ../../smarty/{crumbs.tpl} -->
<!-- Breadcrumb trail. The first item is a skip link to #w3c_content_body with tabindex 1, which makes it the first keyboard stop on the page. All links are site-relative. -->
<div id="w3c_crumbs">
       <div id="w3c_crumbs_frame">
        <ul class="bct"> <!-- .bct / Breadcrumbs -->
          <li class="skip"><a tabindex="1" accesskey="2" title="Skip to content (e.g., when browsing via audio)" href="#w3c_content_body">Skip</a></li>
          <li><a href="/">W3C</a>&#xA0;<span class="cr">&#xBB;</span>&#xA0;</li>
          <li><a href="/standards/">Standards</a>&#xA0;<span class="cr">&#xBB;</span>&#xA0;</li>
          <li><a href="/TR/">All&#xA0;Standards&#xA0;and&#xA0;Drafts</a>&#xA0;<span class="cr">&#xBB;</span>&#xA0;</li>
          <li class="current">Security for Web Applications</li>
        </ul>            
     </div>
    </div>
<!-- Page title, followed by an empty table-of-contents placeholder. -->
<h1 class="title">Security for Web Applications</h1>
<div class="w3c_toc"><!-- --></div>
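<!-- Main content: a summary table of web application security drafts. Each row holds a publication date that links to the document's publication history, then the title linking to that dated version, then a short description. Links to the dated documents use https so the specification text a reader follows from here is not fetched in cleartext. -->
<div id="w3c_content_body"><div id="w3c_generated_status">
      <p id="w3c_toggle_include" class="default_open intro tPadding">This page summarizes the relationships among specifications, whether they are finished standards or drafts. Below, each title
links to the most recent version of a document.
    </p>
      <h2 id="drafts">Drafts</h2>
      <p>Below are draft documents:
      <a href="/2005/10/Process-20051014/tr.html#RecsWD">other Working Drafts</a>.
      Some of these may become Web Standards through the <a href="/Consortium/Process/tr#rec-advance">W3C Recommendation Track
      process</a>. Others may be published as Group Notes or
      become obsolete specifications.</p>
      <h3 id="wd">Other Working Drafts</h3>
      <!-- Review note: every entry below is a dated Working Draft snapshot (2010 to 2011), not a finished standard. Before relying on any of these mechanisms, follow the date link in the row to the publication history and check whether a later draft or a Recommendation supersedes the version linked here. -->
      <div class="data lMargin rMargin">
         <table class="w3c_spec_summary_table">
            <tbody>
               <tr>
                  <td class="table_datecol">
                     <a href="../history/CSP" title="Content Security Policy publication history">2011-11-29</a>
                  </td>
                  <td>
                     <h4 class="w3c_status_title">
                        <a title="status is WD" href="https://www.w3.org/TR/2011/WD-CSP-20111129/">Content Security Policy</a>
                     </h4>
                     <!-- The description says "mitigate": the policy narrows where injected content can load resources from, and the injection flaw itself still has to be fixed in the application. -->
                     <div class="expand_description">
                        <p>Content Security Policy is a mechanism web applications can use to
  mitigate the broad class of content injection vulnerabilities, such as
  cross-site scripting (XSS). Content Security Policy is a declarative policy
  that lets the authors (or server administrators) of a web application
  restrict from where the application can load resources.</p>
                     </div>
                  </td>
               </tr>
               <tr>
                  <td>
                     <a href="../history/from-origin" title="The From-Origin Header publication history">2011-07-21</a>
                  </td>
                  <td>
                     <h4 class="w3c_status_title">
                        <a title="status is WD" href="https://www.w3.org/TR/2011/WD-from-origin-20110721/">The From-Origin Header</a>
                     </h4>
                     <div class="expand_description">
                        <p>
This specification defines the From-Origin response header - a way for resources to declare they are unavailable within an embedding context.
  </p>
                     </div>
                  </td>
               </tr>
               <tr>
                  <td>
                     <a href="../history/cors" title="Cross-Origin Resource Sharing publication history">2010-07-27</a>
                  </td>
                  <td>
                     <h4 class="w3c_status_title">
                        <a title="status is WD" href="https://www.w3.org/TR/2010/WD-cors-20100727/">Cross-Origin Resource Sharing</a>
                     </h4>
                     <!-- This mechanism lets a server opt in to cross-origin reads, so a deployment should name the origins it trusts instead of allowing every origin when responses carry user-specific data. -->
                     <div class="expand_description">
                        <p>This document defines a mechanism to enable client-side cross-origin requests.</p>
                     </div>
                  </td>
               </tr>
               <tr class="lastRow">
                  <td>
                     <a href="../history/UMP" title="Uniform Messaging Policy, Level One publication history">2010-01-26</a>
                  </td>
                  <td>
                     <h4 class="w3c_status_title">
                        <a title="status is WD" href="https://www.w3.org/TR/2010/WD-UMP-20100126/">Uniform Messaging Policy, Level One</a>
                     </h4>
                     <div class="expand_description">
                        <p>The Uniform Messaging Policy (UMP) enables cross-site messaging that avoids Cross-Site-Request-Forgery and similar attacks that abuse HTTP cookies and other credentials.</p>
                     </div>
                  </td>
               </tr>
            </tbody>
         </table>
      </div>
   </div></div>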
</div>
</div>
</div>
<!-- Generated from data/footer.php, ../../smarty/{footer-block.tpl} -->
<!-- Page footer: three link groups (site navigation, contact, social updates) followed by the copyright line. -->
<div id="w3c_footer">
<div id="w3c_footer-inner">
<h2 class="offscreen">Footer Navigation</h2>
<!-- Site navigation, repeating the main menu with site-relative links. -->
<div class="w3c_footer-nav">
<h3>Navigation</h3>
<ul class="footer_top_nav">
<li><a href="/">Home</a></li>
<li><a href="/standards/">Standards</a></li>
<li><a href="/participate/">Participate</a></li>
<li><a href="/Consortium/membership">Membership</a></li>
<li class="last-item"><a href="/Consortium/">About W3C</a></li>
</ul>
</div>
<!-- Contact links. The feedback address is a mailto link; the archive link points at lists.w3.org over plain http. -->
<div class="w3c_footer-nav">
<h3>Contact W3C</h3>
<ul class="footer_bottom_nav">
<li><a href="/Consortium/contact">Contact</a></li>
<li><a accesskey="0" href="/Help/">Help and FAQ</a></li>
<li><a href="/Consortium/sponsor/">Sponsor / Donate</a></li>
<li><a href="/Consortium/siteindex">Site Map</a></li>
<li>
<address id="w3c_signature"><a href="mailto:site-comments@w3.org">Feedback</a> (<a href="http://lists.w3.org/Archives/Public/site-comments/">archive</a>)</address>
</li>
</ul>
</div>
<!-- Social links. NOTE(review): these and the copyright-line links below use http:// URLs to other hosts; confirm that each host serves HTTPS before switching the scheme. -->
<div class="w3c_footer-nav">
<h3>W3C Updates</h3>
<ul class="footer_follow_nav">
<li><a href="http://twitter.com/W3C" title="Follow W3C on Twitter"><img src="/2008/site/images/twitter-bird" alt="Twitter" class="social-icon" width="78" height="83" /></a>
<a href="http://identi.ca/w3c" title="See W3C on Identica"><img src="/2008/site/images/identica-logo" alt="Identica" class="social-icon" width="91" height="83" /></a></li>
</ul>
</div>
<!-- #footer address / page signature -->
<p class="copyright">Copyright &#xA9; 2012 W3C <sup>&#xAE;</sup> (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
<a href="http://www.keio.ac.jp/">Keio</a>) <a href="/Consortium/Legal/ipr-notice">Usage policies apply</a>.</p>
</div>
</div>
<!-- /end #footer -->
<!-- Generated from data/scripts.php, ../../smarty/{scripts.tpl} -->
<!-- Site script, referenced by a site-relative path at the end of the body. Because the element carries a src attribute, browsers fetch that file and do not execute the text between the tags; the inline lines are only an empty comment wrapped in CDATA markers. -->
<div id="w3c_scripts"><script type="text/javascript" src="/2008/site/js/main">
//<![CDATA[
<!-- -->
//]]>
</script></div>
</body>
</html>