ACTION-356: picture-in-picture attacks

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 17 Jan 2008 18:54:15 +0100
To: public-wsc-wg@w3.org
Message-ID: <20080117175415.GX1311@iCoaster.does-not-exist.org>

I've moved most of the Wiki text about picture-in-picture attacks
[1] into the current editor's draft:

  Many graphical user agents are vulnerable to picture-in-picture
  attacks: Graphic and script elements within an HTML page are used
  to simulate the look and feel of browser chrome. The attacker's
  goal is to recreate a convincing mockup of the browser chrome
  entirely within the content page, in order to provide (false)
  indicators of security to the user.
  In these user agents, the editor bar MUST be displayed using a
  theme customized to the user. The user selects this theme at
  browser installation time and it remains forever the same. The
  icon for the Contacts button MUST also be selected by the user at
  installation time.
  -- http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-picture-in-picture

1. http://www.w3.org/2006/WSC/wiki/NoteTestCases

I believe that ISSUE-126 can be closed.

Thomas Roessler, W3C  <tlr@w3.org>
Received on Thursday, 17 January 2008 17:54:29 UTC