W3C home > Mailing lists > Public > www-style@w3.org > December 2006

Re: [CSS3UI] Concerned about Appearance:Password

From: Patrick H. Lauke <redux@splintered.co.uk>
Date: Mon, 04 Dec 2006 18:12:00 +0000
Message-ID: <457464F0.2010309@splintered.co.uk>
To: www-style@w3.org

Robert Chapin wrote:
> But it's not just "an input" if the phisher can modify its behavior through
> CSS.  This is especially dangerous when 'type=password' has been
> blacklisted.  It may not be a good policy, but it works, and CSS3 will break
> it.

There'd be an argument to disallow inputs, selects, textareas and forms 
altogether then, if they (I think you mentioned MySpace in your email 
sent to me direct) are concerned about phishing attacks from those 
accounts...but maybe that's my far too draconian response to it.

Patrick H. Lauke
re·dux (adj.): brought back; returned. used postpositively
[latin : re-, re- + dux, leader; see duke.]
www.splintered.co.uk | www.photographia.co.uk
Web Standards Project (WaSP) Accessibility Task Force
Received on Monday, 4 December 2006 18:12:06 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:27:27 UTC