W3C home > Mailing lists > Public > public-html@w3.org > January 2009

RE: html sans html

From: Travis Leithead <Travis.Leithead@microsoft.com>
Date: Wed, 21 Jan 2009 17:06:37 -0800
To: Kornel Lesiński <kornel@geekhood.net>, Ian Hickson <ian@hixie.ch>
CC: "public-html@w3.org" <public-html@w3.org>
Message-ID: <0003CB8B8FE2154EB50431DB2B8F69C01BECC0C8C3@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>

<shrug>
An attempt at preventing some classes of spoofing attacks. Perhaps we'll clean it up next release...
</shrug>

See "Allow websites to prompt for information using scripted windows" in the Security Settings dialog to restore IE6 behavior.

-Travis

-----Original Message-----
From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Kornel Lesinski
Sent: Wednesday, January 21, 2009 4:31 PM
To: Ian Hickson
Cc: public-html@w3.org
Subject: Re: html sans html


On 22.01.2009, at 00:07, Ian Hickson wrote:

>> I am pretty confident that IE6 didn't do this sort of thing, so I
>> fear
>> it is one of many of modern browsers' attempts to hobble my
>> quirk-infested ways of teaching subjects using technology when
>> chalk and
>> blackboards might be preferable. Does the spec address this and if so
>> whose browser is handling it correctly?
>
> Per HTML5, all but IE seem to be handling this correctly. Browsers
> that
> allowed the script to be aborted while the dialogs were up get extra
> credit.
>
> I don't understand IE's behavior... Is this an over-zealous popup
> blocker?

It's the fear of IE's Local Zone exploits. Pages opened form disk need
to have Mark of the Web to run without warnings:
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx

Fortunately this behavior doesn't need to be specified in HTML5, as
other browsers don't have such policies, and MOTW causes nothing but
confusion.

--
regards, Kornel
Received on Thursday, 22 January 2009 01:05:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:28 GMT