W3C home > Mailing lists > Public > public-web-security@w3.org > March 2010

Re: Seeking Comments on Powerbox

From: Tyler Close <tyler.close@gmail.com>
Date: Thu, 4 Mar 2010 07:18:05 -0800
Message-ID: <5691356f1003040718o21a37a1i4c116bcdf756262d@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Arthur Barstow <art.barstow@nokia.com>, public-web-security@w3.org, Robin Berjon <robin@berjon.com>
Hi Maciej,

On Wed, Mar 3, 2010 at 5:45 PM, Maciej Stachowiak <mjs@apple.com> wrote:
> On Mar 3, 2010, at 5:50 AM, Arthur Barstow wrote:
> FYI, an email from Robin Berjon (one of the DAP WG chairs) seeking comments
> re the "Powerbox" spec by Tyler and Mark.
> The use of <input type="file"> in this spec is out of line with HTML5 in a
> number of ways. Here are some examples:
> 1) The proposed use of alt, title and class attributes is in conflict with
> HTML5. This is especially serious in the case of alt since alt is an
> accessibility feature.

Could you provide some explanation of this conflict? I believe all of
the named attributes are being used as specified by HTML4. In
particular, the use of alt is both inline with the specification and
encourages page authors to improve accessibility. HTML4 says:

"For user agents that cannot display images, forms, or applets, this
attribute specifies alternate text."

The Powerbox draft says that the alt attribute should describe the
purpose of the <input> element.

These are much the same reason. Moreover, other than accessibility,
HTML4 provides little incentive for authors to populate the alt
attribute, so many don't. The Powerbox creates an additional incentive
to properly fill out this attribute, since the value is sent to the
Provider web site as the reason for the request. If Powerbox were
widely adopted, I believe it would significantly improve accessibility
via the alt attribute.

> 2) Putting a URL in the value IDL attribute does not match the HTML5
> implementation requirements for this attribute.
> 3) It's not obvious how the "files" IDL attribute would be implemented.
> I haven't yet had a chance to properly review this proposal at a conceptual
> level, but I think if it's going to use <input type="file">, it should be
> made consistent with HTM5.

The text under form submission explains how a user-agent can treat a
file control populated by the Powerbox as compatible with one
populated by selection from the local filesystem. See:


My goal in using the <input type="file"> attribute is to provide
legacy compatibility with current HTML content. This goal should be
consistent with compatibility with HTML5. I appreciate your assistance
in creating this compatibility.


"Waterken News: Capability security on the Web"
Received on Thursday, 4 March 2010 15:18:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:17 UTC