W3C home > Mailing lists > Public > public-web-security@w3.org > August 2012

http client side security issues

From: yuming huang <http.client.security@hotmail.com>
Date: Fri, 24 Aug 2012 16:06:15 -0500
Message-ID: <BAY162-W4317A44CC84E3604030E2D8BD0@phx.gbl>
To: <public-web-security@w3.org>

Hi,
 
The following questions are about current HTML standard (HTML 4.0, 4.1, 5.0?), as well as actual implementations (Internet Explorer, Firefox, Chrome).
 
1. Is silent download other than the HTML file itself allowed?  How does it work if possible?   How to prevent it from happening?  
For example(IE), a user types in a url and hits enter key. IE renders a web page (user sees it) and downloads a binary file silently to user's PC (user does not know).  Later the binary gets to run.
 
2. What are the means for web server to collect infomation from a web client user?  Form, Cookie, browser signature...

 
I searched http://lists.w3.org/Archives/Public/public-web-security/  but found no result.
 
 
Thanks!
 
 		 	   		  
Received on Sunday, 26 August 2012 12:18:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 26 August 2012 12:18:46 GMT