W3C home > Mailing lists > Public > www-style@w3.org > December 2006

Re: [CSS3UI] Concerned about Appearance:Password

From: Allan Sandfeld Jensen <kde@carewolf.com>
Date: Tue, 5 Dec 2006 11:25:53 +0100
To: www-style@w3.org
Message-Id: <200612051125.53821.kde@carewolf.com>

On Tuesday 05 December 2006 11:11, Octavio Alvarez Piza wrote:
> On Sat, 2 Dec 2006 10:00:36 -0500
>
> "Robert Chapin" <w3-list@info-svc.com> wrote:
> > If UAs interpret this property as a display feature for non-password
> > inputs, then a phisher could create a quasi-password input under CSS3
> > that appears identical to a legitimate password input.
>
> Or worse, if by any chance (intentional, technical failure or otherwise)
> the CSS file never gets to the UA or gets severely delayed, the "trusted"
> passwords would be left unprotected to the sight of everybody near that PC.
>
Well hopefully the UA will not autocomplete to a non-password fields using 
data that has been entered into a password field.

`Allan
Received on Tuesday, 5 December 2006 10:26:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:54:47 GMT