W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > April 2010

[Bug 9602] New: That autofocus attribute will wreak security havok. What an ignorant idea to bring more logic to HTML. I think I know a couple of ways to abuse it, since it actually is some sort of flow control, which only scripting languages should be capable of. I hope

From: <bugzilla@jessica.w3.org>
Date: Tue, 27 Apr 2010 23:23:00 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-9602-2486@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=9602

           Summary: That autofocus attribute will wreak security havok.
                    What an ignorant idea to bring more logic to HTML. I
                    think I know a couple of ways to abuse it, since it
                    actually is some sort of flow control, which only
                    scripting languages should be capable of. I hope
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#att
                    r-fe-autofocus
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML5 spec bugs
        AssignedTo: dave.null@w3.org
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: ian@hixie.ch, mike@w3.org, public-html@w3.org


Section: http://www.whatwg.org/specs/web-apps/current-work/#attr-fe-autofocus

Comment:
That autofocus attribute will wreak security havok. What an ignorant idea to
bring more logic to HTML. I think I know a couple of ways to abuse it, since
it actually is some sort of flow control, which only scripting languages
should be capable of. I hope it never gets implemented in Firefox. I am really
shocked. -Skyphire.

Posted from: 82.171.76.240

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 27 April 2010 23:23:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 April 2010 23:23:49 GMT