W3C home > Mailing lists > Public > public-html@w3.org > November 2007

Re: Feedback on the ping="" attribute (ISSUE-1)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 08 Nov 2007 17:41:42 -0600
Message-ID: <47339EB6.6060701@mit.edu>
To: Julian Reschke <julian.reschke@gmx.de>, "public-html@w3.org" <public-html@w3.org>

Julian Reschke wrote:
> I don't see anything in Amazon, for instance, being a link but unsafe.

As I always tell my students, as single example does not a proof make.

In general, there are lots of sites out there making links look like buttons, 
making divs look like both, and doing weird stuff (JS execution, AJAX requests, 
etc) on link clicks..

> I do see lots of buttons that may initiate something safe, but links being 
> safe is the thing which is important, not buttons being unsafe.

Perhaps a usability study is in order to see whether users really make this 
distinction: links are always safe but buttons might be unsafe.

> How can it be not on purpose. It's not trivial to hide a POST behind a 
> text link.

Sure it is.  <a onclick="form.sumbit()">.

> Let's educate web designers not to do that.

Good luck.

> More stuff that enables web pages to initiate a POST when it looks like 
> simple link navigation.

I think you're trying to get the door closed after the horse escaped and the 
barn burned down....

-Boris
Received on Thursday, 8 November 2007 23:42:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:09 GMT