An editor’s draft for post-Spectre web development guidance was made available by the W3C.
The editor’s draft of “Post-Spectre Web Development” outlines recommendations for handling requests, restricting an attacker’s ability to load data as a document or sub-resource, preventing MIME-type confusion attacks, and restricting an attacker’s ability to obtain a handle to the window.
Post-Spectre, we need to adopt some new strategies for safe and secure web development. This document outlines a threat model we can share, and a set of mitigation recommendations.
TL;DR: Your data must not unexpectedly enter an attacker’s process.
The current draft can be found at w3c.github.io.