- From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Sat, 10 Apr 2010 23:28:54 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-247: Mixing content and UI [wsc-xit] http://www.w3.org/2006/WSC/track/issues/247 Raised by: Thomas Roessler On product: wsc-xit >From LC-2381 [1]: ===== > 7.2 Do not mix content and security indicators If an iframe contains a link to a site with an expired certificate and the user clicks the link, do you want the user agent to destroy the outer browsing context just to show the security indicator alone? This does not seem ideal ===== The group considered the comment at its meeting on 2010-03-31 [2], and resolved to clarify clause #LXXXVI [3] as follows: ===== Web User Agents MUST NOT communicate +positive+ trust information using user interface elements which can be mimicked within chrome under the control of web content. ===== 1. http://www.w3.org/2006/02/lc-comments-tracker/39814/WD-wsc-ui-20100309/2381 2. http://www.w3.org/2010/03/31-wsc-minutes 3. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#LXXXVI
Received on Saturday, 10 April 2010 23:28:55 UTC