W3C home > Mailing lists > Public > www-style@w3.org > December 2006

Re: [CSS3UI] Concerned about Appearance:Password

From: Patrick H. Lauke <redux@splintered.co.uk>
Date: Mon, 04 Dec 2006 18:12:00 +0000
Message-ID: <457464F0.2010309@splintered.co.uk>
To: www-style@w3.org

Robert Chapin wrote:
> But it's not just "an input" if the phisher can modify its behavior through
> CSS.  This is especially dangerous when 'type=password' has been
> blacklisted.  It may not be a good policy, but it works, and CSS3 will break
> it.

There'd be an argument to disallow inputs, selects, textareas and forms 
altogether then, if they (I think you mentioned MySpace in your email 
sent to me direct) are concerned about phishing attacks from those 
accounts...but maybe that's my far too draconian response to it.

P
-- 
Patrick H. Lauke
__________________________________________________________
re·dux (adj.): brought back; returned. used postpositively
[latin : re-, re- + dux, leader; see duke.]
www.splintered.co.uk | www.photographia.co.uk
http://redux.deviantart.com
__________________________________________________________
Web Standards Project (WaSP) Accessibility Task Force
http://webstandards.org/
__________________________________________________________
Received on Monday, 4 December 2006 18:12:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:54:47 GMT