add x-link to UI Redressing seccons section from iFrame section
equalsJeffH committed Oct 14, 2020
1 parent 94e2cc1 commit a71c9cb
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions index.bs
Expand Up @@ -3271,6 +3271,8 @@ Note: Algorithms specified in [[!CREDENTIAL-MANAGEMENT-1]] perform the actual pe
The [=Web Authentication API=] is disabled by default in cross-origin <{iframe}>s.
To override this default policy and indicate that a cross-origin <{iframe}> is allowed to invoke the [=Web Authentication API=]'s {{PublicKeyCredential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}} method, specify the <{iframe/allow}> attribute on the <{iframe}> element and include the <code>[=publickey-credentials-get-feature|publickey-credentials-get=]</code> feature-identifier token in the <{iframe/allow}> attribute's value.

[=[RPS]=] utilizing the WebAuthn API in an embedded context should review [[#sctn-seccons-visibility]] regarding [=UI redressing=] and its possible mitigations.



# WebAuthn <dfn>Authenticator Model</dfn> # {#sctn-authenticator-model}
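Review bot: In the added paragraph, "utilizing the WebAuthn API in an embedded context" departs from the wording of the two sentences directly above it, which use the [=Web Authentication API=] autolink and speak specifically of cross-origin <{iframe}>s. Consider "utilizing the [=Web Authentication API=] in a cross-origin <{iframe}>", or define "embedded context", so a reader can tell that the [=UI redressing=] guidance applies to exactly the case that the publickey-credentials-get token enables. Since this sentence is the only pointer from the opt-in instructions to [[#sctn-seccons-visibility]], it may also be worth marking it up as a Note, as the context line in the hunk header does, so it stands out from the normative text about the <{iframe/allow}> attribute.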