- From: <bugzilla@jessica.w3.org>
- Date: Wed, 23 Oct 2013 20:05:12 +0000
- To: public-html-admin@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23614
Bug ID: 23614
Summary: accessKeyLabel can expose new information about the
user and possibly also other origins
Product: HTML.next
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Keywords: a11y, a11ytf, a11y_focus
Severity: normal
Priority: P2
Component: default
Assignee: chaals@yandex-team.ru
Reporter: mark@w3.org
QA Contact: public-html-bugzilla@w3.org
CC: ayg@aryeh.name, cooper@w3.org, ian@hixie.ch,
laura.lee.carlson@gmail.com, mike@w3.org,
mounir@lamouri.fr, public-html-a11y@w3.org,
public-html-admin@w3.org,
public-html-wg-issue-tracking@w3.org, robin@w3.org,
simonp@opera.com
Depends on: 23613, 10888, 10994
+++ This bug was initially created as a clone of Bug #10994 +++
Since accesskeys are chosen depending on the user's platform and available keys
and available key bindings in the browser/OS, accesskeyLabel exposes that
information about the user which was not possible before, i.e. it increases the
fingerprinting.
Moreover, if a browser considers accesskeys from cross-origin iframes when
assigning a key, accessKeyLabel exposes information about the cross-origin
iframed document (if it uses accesskeys) which was not possible before, e.g. it
might be possible to tell if the user is logged in on the other site.
--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 23 October 2013 20:05:15 UTC