- From: Patrick H. Lauke <redux@splintered.co.uk>
- Date: Sat, 02 Dec 2006 23:06:41 +0000
- To: www-style@w3.org
Robert Chapin wrote: > > If UAs interpret this property as a display feature for non-password inputs, > then a phisher could create a quasi-password input under CSS3 that appears > identical to a legitimate password input. But if a phisher can already generate an input and then route the form to one of their own sites to store the input, or lure an unsuspecting user to a page that's theirs in the first place, I don't see how using CSS would make it any easier for them than just creating an actual password input. Or am I missing something? P -- Patrick H. Lauke __________________________________________________________ re·dux (adj.): brought back; returned. used postpositively [latin : re-, re- + dux, leader; see duke.] www.splintered.co.uk | www.photographia.co.uk http://redux.deviantart.com __________________________________________________________ Web Standards Project (WaSP) Accessibility Task Force http://webstandards.org/ __________________________________________________________
Received on Saturday, 2 December 2006 23:06:50 UTC