
Re: Seamless iframes + CSS3 selectors = bad idea

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 08 Dec 2009 07:32:44 -0800
Cc: "sird@rckc.at" <sird@rckc.at>, gaz Heyes <gazheyes@gmail.com>, Daniel Glazman <daniel@glazman.org>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
Message-id: <3C1FCC1C-F35B-4557-A870-33D6023FB2F3@apple.com>
To: Adam Barth <w3c@adambarth.com>

On Dec 8, 2009, at 1:40 AM, Adam Barth wrote:

>
> Does Giorgio have a way to measure how commonly he blocks these
> things?  That would be useful information for evaluating the costs of
> disabling attribute selectors entirely.  Before Daniel jumps all over
> me, I'll say that it's a data point that's worth knowing in balancing
> the security costs of a feature with its benefits.

Some sites from my Safari Top Sites wall that use attribute selectors:

http://digg.com/
http://reddit.com/
http://metafilter.com/
http://marginalrevolution.com/
http://kongregate.com/

This sample convinces me that removing attribute selectors entirely is  
probably not viable.

Regards,
Maciej
Received on Tuesday, 8 December 2009 15:33:18 GMT
