- From: <bugzilla@jessica.w3.org>
- Date: Fri, 08 Oct 2010 20:38:49 +0000
- To: public-html-a11y@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=10994 Aryeh Gregor <Simetrical+w3cbug@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Simetrical+w3cbug@gmail.com --- Comment #1 from Aryeh Gregor <Simetrical+w3cbug@gmail.com> 2010-10-08 20:38:48 UTC --- On the other hand, this is a useful feature, and axing it would be sad. MediaWiki has to do a lot of guesswork here to create useful tooltips, which will fail on even slightly exotic browsers: http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/skins/common/wikibits.js?view=markup#l237 The is_* variables there are basically just UA-string regexes. All major browsers use a consistent key assignment scheme as far as I know, so that should normally add no information beyond the UA string. People using obscure browsers are already easy to fingerprint. The only people who would be more easily fingerprinted seem like they'd be people using weird configurations, where the accesskey is non-default -- but is this really an issue? Surely there are lots of obscure configuration options in various browsers that will increase fingerprintability a lot. If fingerprinting is an issue, the browser can ignore the user option's value when reporting the accesskey. That will result in incorrect info being reported to the user by the website, maybe, but it's better than currently. This feature would still be useful if it always returned some fixed prefix that depends only on the browser concatenated with the value of the accesskey attribute. That would cover the large majority of cases. If that's what's needed to avoid security problems, I think it's preferable to killing the feature altogether. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Friday, 8 October 2010 20:38:50 UTC