Re: ACTION-2079: Draft ¨host language should¨ language for password that they should restrict elements it can apply to, with input from minutes of 2 june 2016 meeting (Accessible Rich Internet Applications Working Group) from John Foliot on 2016-06-04 (public-aria@w3.org from June 2016)

From: John Foliot <john.foliot@deque.com>
Date: Sat, 4 Jun 2016 10:18:18 -0500
To: Michael Cooper <cooper@w3.org>
Cc: Accessible Rich Internet Applications Working Group <public-aria@w3.org>
Message-ID: <CAKdCpxx5AhVav1tS2yBgwa-6mMug8RAGF1pA_prEH4Q0UghVCQ@mail.gmail.com>

Hi Michael,

Thanks for this. Might I propose the following edits?

"Using the password role on elements that would not accept

<strike>passwords</strike>
<ins>a text string</ins>

could create a security risk in conforming user agents, prompting users to
enter a password in an inappropriate place where it could be accidentally
exposed. Therefore, host languages should restrict use of the password role
to elements that accept text input from users, and

<strike>only when within a form submission context.</strike>
<ins>must only be used on children elements within a form submission
context.</ins>"

JF

On Fri, Jun 3, 2016 at 4:18 PM, Michael Cooper <cooper@w3.org> wrote:

> Recommendation that host languages restrict where password can be used:
>
> http://rawgit.com/w3c/aria/ACTION-2079/aria/aria.html#password
>
> Using the password role on elements that would not accept passwords could
> create a security risk in conforming user agents, prompting users to enter
> a password in an inappropriate place where it could be accidentally
> exposed. Therefore, host languages *SHOULD* restrict use of the password
> role to elements that accept text input from users, and only when within a
> form submission context.
>
> Michael
>
> On 02/06/2016 1:25 PM, Accessible Rich Internet Applications Working Group
> Issue Tracker wrote:
>
> ACTION-2079: Draft ¨host language should¨ language for password that they should restrict elements it can apply to, with input from minutes of 2 june 2016 meeting (Accessible Rich Internet Applications Working Group)
> http://www.w3.org/WAI/ARIA/track/actions/2079
>
> On: Michael Cooper
> Due: 2016-06-09
>
> If you do not want to be notified on new action items for this group, please update your settings at:http://www.w3.org/WAI/ARIA/track/users/34017#settings
>
>
>


-- 
John Foliot
Principal Accessibility Consultant
Deque Systems Inc.
john.foliot@deque.com

Advancing the mission of digital accessibility and inclusion

Received on Saturday, 4 June 2016 15:18:49 UTC