- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Wed, 6 Dec 2006 11:48:24 -0600
- To: "W3 Work Group" <public-wsc-wg@w3.org>
Michael Smith wrote: > I think in general that in deciding what should and should > not be displayed in the browser chrome, the criteria that > need to be considered are more than just whether the data > can be abused to provide potentially misleading data. Can you be more specific about what the criteria should be? It might be a useful thing for this Working Group to provide explicit guidance on what kind of information should be in the chrome and what should not. What expectations do we want users to have for the chrome? How do we want users to use the chrome? My perspective is that the difference between chrome and page area should be the difference between "browser says" and "web site says". I realize that is not currently the case, and never has been, but I think the change is crucial to enabling the kind of interactive ceremonies needed to combat phishing. I despair of our chances for success if we don't provide the browser with a clear voice. Putting things like the page URL in the chrome area is an instance of "browser says the web site says", which is just to complicated and so easily abused. Besides, the web site already has a large swath of screen real estate to speak for itself. The web site doesn't need the browser to speak on its behalf. If the web site thinks the page URL is a useful GUI widget, it can put it in the page content. Perhaps the same is true for other widgets you want to see in the chrome, but don't fit the "browser says" versus "web site says" distinction? Tyler
Received on Wednesday, 6 December 2006 17:48:44 UTC