W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: David Lindsay <thornmaker@gmail.com>
Date: Tue, 8 Dec 2009 10:43:59 -0500
Message-ID: <2e7df85e0912080743m478db767h7c9b5d831662663d@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: gaz Heyes <gazheyes@gmail.com>, Adam Barth <w3c@adambarth.com>, Daniel Glazman <daniel@glazman.org>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
On Tue, Dec 8, 2009 at 10:07, Maciej Stachowiak <mjs@apple.com> wrote:

> Another possibility is to specifically blacklist the use of the contents of
> the "value" attribute in attribute selectors for elements in the HTML
> namespace. Either all elements, or specifically input elements, or more
> specifically input elements of type password or hidden.
> I think that is better than making attribute selectors not work with those
> elements at all. People validly use attribute selectors on form controls
> based on the "type" attribute to style them.
> Regards,
> Maciej
>

Are there any legitimate use cases for selecting an element based on
the value attribute?  I think some solution like this is the direction
we should be looking.

-david
Received on Wednesday, 9 December 2009 09:26:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT