Hello Anne,
I took a look at the X-Frame-Options and it only disallows displaying
in a frame, not forbidding only script access.
Also this is another case of a HTTP header that would also find a good
place in the HTML itself, like with the Content-Disposition attribute
I suggested (and now got standardized).
Am 02.08.2011, 12:30 Uhr, schrieb Anne van Kesteren <ann...@opera.com>:
On Tue, 02 Aug 2011 12:21:31 +0200, Dennis Joachimsthaler
<den...@efjot.de> wrote:
[...]
The X-Frame-Options header addresses this if I understand the concern
correctly.