[whatwg] Review of the 3.16 section and the HTMLInputElement interface from Samuel Santos on 2008-11-06 (public-whatwg-archive@w3.org from November 2008)

From: Samuel Santos <samaxes@gmail.com>
Date: Thu, 6 Nov 2008 18:17:27 +0000
Message-ID: <fe7db4750811061017i6a8de93ar831dff9febf4b707@mail.gmail.com>

On Thu, Nov 6, 2008 at 5:50 PM, Ian Hickson <ian at hixie.ch> wrote:

> On Thu, 6 Nov 2008, Eduard Pascual wrote:
> >
> > I agree with Samuel in that this is an issue. In Catalunya, most often
> > Spanish software is used (both OS and browsers), because a lot of the
> > software is not easily (or at all) available in Catalan (specially
> > Microsoft software, such as Windows and IE, which ammount for a quite
> > big fraction of web surfers). Seeing Spanish stuff in pages that are
> > supposed to be in Catalan is quite annoying (especially when keeping in
> > mind some historic factors).
> >
> > I can understand that there may be some security concerns with this
> > control; but I don't think changing the "Browse" caption poses any
> > threat. But if there is so much paranoia on this, browsers could be
> > allowed (or even required) to ask for confirmation when picking a file
> > if the caption has been changed (something like "Are you sure you would
> > like to submit C:\example.txt to example.com?" should be enough, and
> > users would easily see such question as coming from the UA rather than
> > from the webpage).
>
> It has been shown that prompts are ignored by users, so that wouldn't
> really solve the problem.
>
>
> On Thu, 6 Nov 2008, Samuel Santos wrote:
> >
> > If changing the button text can be a security issue (e.g. induce the
> > user to an action that he's not aware of), we can come up with some
> > solutions.
> >
> > What about allowing the Author to change the control's locale? By doing
> > so, the UA can then render the button with the same locale as the
> > application without compromising the security.
>
> It seems like browsers should do this already based on the lang=""
> attribute. I recommend asking browser vendors to implement this.


@lang will definitively fix the problem if browsers are willing to implement
it.


>
>
>
> On Thu, 6 Nov 2008, Eduard Pascual wrote:
> >
> > I was going to suggest this, but I don't think it's really doable:
> > browsers would need to include all the translations of that caption in
> > all their versions. In the specific case of IE, considering that
> > Microsoft tends to license only single-language versions of its products
> > (if you want it in two languages, you need to pay twice), I'm afraid
> > this would be an issue (despite the fact that IE is actually distributed
> > for free, it would still mess with their "packaging").
>
> It's true that this may not be something browsers want to implement.
>
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
>



-- 
Samuel Santos
http://www.samaxes.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081106/65c9774b/attachment.htm>

Received on Thursday, 6 November 2008 10:17:27 UTC