
Re: [CSS3UI] Concerned about Appearance:Password

From: Patrick H. Lauke <redux@splintered.co.uk>
Date: Sat, 02 Dec 2006 23:06:41 +0000
Message-ID: <45720701.1000204@splintered.co.uk>
To: www-style@w3.org

Robert Chapin wrote:
> If UAs interpret this property as a display feature for non-password inputs,
> then a phisher could create a quasi-password input under CSS3 that appears
> identical to a legitimate password input.

But if a phisher can already generate an input and then route the form 
to one of their own sites to store the input, or lure an unsuspecting 
user to a page that's theirs in the first place, I don't see how using 
CSS would make it any easier for them than just creating an actual 
password input. Or am I missing something?

Patrick H. Lauke
re·dux (adj.): brought back; returned. used postpositively
[latin : re-, re- + dux, leader; see duke.]
www.splintered.co.uk | www.photographia.co.uk
Web Standards Project (WaSP) Accessibility Task Force
Received on Saturday, 2 December 2006 23:06:50 UTC
