- From: Anssi Kostiainen <anssi.kostiainen@nokia.com>
- Date: Wed, 20 Oct 2010 18:23:05 +0300
- To: ext Robin Berjon <robin@robineko.com>
- Cc: Rich Tibbett <rich.tibbett@gmail.com>, "public-device-apis@w3.org WG" <public-device-apis@w3.org>, Rich Tibbett <richt@opera.com>, "Oksanen Ilkka (Nokia-MS/Espoo)" <Ilkka.Oksanen@nokia.com>, "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
Hi, On 7.10.2010, at 17.20, ext Robin Berjon wrote: > On Oct 6, 2010, at 20:32 , Rich Tibbett wrote: >> Rather than taking clickjacking as the jumping off point perhaps focusing on preventing/managing 'synthesized click events' is the way to go here. >> >> Instead, I believe the answer lies in enforcing the DOM Level 3 Events specification behaviour around "user-initiated activation triggers" and "trusted" events: >> >> http://www.w3.org/TR/DOM-Level-3-Events/#trusted-events > > That's certainly an option, and it's what popup-blocking mostly does. It's also what input type file does currently, though that is apparently being removed as a limitation (which is excellent news). For those who may not read the meeting minutes, Robin referred to the way how input type file supports synthesized click events in Firefox 4: https://developer.mozilla.org/en/Using_files_from_web_applications#Using_hidden_file_input_elements_using_the_click%28%29_method So let's pave the cowpaths with this one. -Anssi
Received on Wednesday, 20 October 2010 15:24:08 UTC