- From: <bugzilla@jessica.w3.org>
- Date: Wed, 23 Oct 2013 20:05:12 +0000
- To: public-html-admin@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23614 Bug ID: 23614 Summary: accessKeyLabel can expose new information about the user and possibly also other origins Product: HTML.next Version: unspecified Hardware: PC OS: All Status: NEW Keywords: a11y, a11ytf, a11y_focus Severity: normal Priority: P2 Component: default Assignee: chaals@yandex-team.ru Reporter: mark@w3.org QA Contact: public-html-bugzilla@w3.org CC: ayg@aryeh.name, cooper@w3.org, ian@hixie.ch, laura.lee.carlson@gmail.com, mike@w3.org, mounir@lamouri.fr, public-html-a11y@w3.org, public-html-admin@w3.org, public-html-wg-issue-tracking@w3.org, robin@w3.org, simonp@opera.com Depends on: 23613, 10888, 10994 +++ This bug was initially created as a clone of Bug #10994 +++ Since accesskeys are chosen depending on the user's platform and available keys and available key bindings in the browser/OS, accesskeyLabel exposes that information about the user which was not possible before, i.e. it increases the fingerprinting. Moreover, if a browser considers accesskeys from cross-origin iframes when assigning a key, accessKeyLabel exposes information about the cross-origin iframed document (if it uses accesskeys) which was not possible before, e.g. it might be possible to tell if the user is logged in on the other site. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Wednesday, 23 October 2013 20:05:15 UTC