- From: <chaals@yandex-team.ru>
- Date: Fri, 31 Mar 2017 18:36:21 +0200
- To: Accessible Platform Architectures Working Group <public-apa@w3.org>
Hi, I filed issue https://github.com/w3c/html/issues/853 on HTML, because the spec currently suggests that implementing context menus defined by page authors, it is OK - but not required - to hide the normal browser context menu. I'm concerned that this introduces a fairly simple phishing attack, because you can replace things that users might expect in the context menu with arbitrary script in the application - this would be a particular problem for users who cannot see or clearly read the changed menu, and who may not notice that the options presented are now different. Equally, it may not be helpful to users if the context menu changes, or options expected disappear. Hence, it is tagged a11y. cheers Chaals -- Charles McCathie Nevile - standards - Yandex chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Friday, 31 March 2017 16:36:56 UTC