W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

RE: Available security information section clarification

From: Close, Tyler J. <tyler.close@hp.com>
Date: Tue, 10 Apr 2007 20:25:33 -0000
Message-ID: <08CA2245AFCF444DB3AC415E47CC40AF9A368D@G3W0072.americas.hpqcorp.net>
To: <public-wsc-wg@w3.org>


> From: Thomas Roessler [mailto:tlr@w3.org]  
> Coming back to the "has page complete rendering" piece of 
> context, I wonder if there is a security-related motivation 
> for looking at it that is different from the issues that you 
> get when content can be presented in multiple ways, possibly 
> by way of multiple modalities.
> 
> If there is no such motivation, then I'd respectfully suggest 
> we drop it.

I think there is a semantic difference between the user agent applying a
set of user-specific stylesheets and the user agent inventing its own
page style based of failure to fetch specified stylesheets. The latter
scenario is a plausible attack vector for phishing. I think an indicator
that communicates that the current rendering does not reflect the will
of either the user or the page designer could be valuable.

Tyler
Received on Tuesday, 10 April 2007 20:25:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT