- From: Robin Berjon <robin@robineko.com>
- Date: Thu, 7 Oct 2010 16:20:08 +0200
- To: Rich Tibbett <rich.tibbett@gmail.com>
- Cc: "public-device-apis@w3.org WG" <public-device-apis@w3.org>, Anssi Kostiainen <anssi.kostiainen@nokia.com>, Rich Tibbett <richt@opera.com>, "Oksanen Ilkka (Nokia-MS/Espoo)" <Ilkka.Oksanen@nokia.com>, "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
On Oct 6, 2010, at 20:32 , Rich Tibbett wrote: > Rather than taking clickjacking as the jumping off point perhaps focusing on preventing/managing 'synthesized click events' is the way to go here. > > Instead, I believe the answer lies in enforcing the DOM Level 3 Events specification behaviour around "user-initiated activation triggers" and "trusted" events: > > http://www.w3.org/TR/DOM-Level-3-Events/#trusted-events That's certainly an option, and it's what popup-blocking mostly does. It's also what input type file does currently, though that is apparently being removed as a limitation (which is excellent news). -- Robin Berjon robineko — hired gun, higher standards http://robineko.com/
Received on Thursday, 7 October 2010 14:20:38 UTC