W3C home > Mailing lists > Public > public-apa@w3.org > March 2017

Issue in HTML: suppressing browser context menu

From: <chaals@yandex-team.ru>
Date: Fri, 31 Mar 2017 18:36:21 +0200
To: Accessible Platform Architectures Working Group <public-apa@w3.org>
Message-Id: <282181490978181@webcorp03h.yandex-team.ru>
Hi,

I filed issue https://github.com/w3c/html/issues/853 on HTML, because the spec currently suggests that implementing context menus defined by page authors, it is OK - but not required - to hide the normal browser context menu.

I'm concerned that this introduces a fairly simple phishing attack, because you can replace things that users might expect in the context menu with arbitrary script in the application - this would be a particular problem for users who cannot see or clearly read the changed menu, and who may not notice that the options presented are now different.

Equally, it may not be helpful to users if the context menu changes, or options expected disappear.

Hence, it is tagged a11y.

cheers

Chaals

-- 
Charles McCathie Nevile - standards - Yandex
chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Friday, 31 March 2017 16:36:56 UTC

This archive was generated by hypermail 2.3.1 : Friday, 31 March 2017 16:36:57 UTC