[Bug 9602] Autofocus attribute. from bugzilla@jessica.w3.org on 2010-08-05 (public-html-bugzilla@w3.org from August 2010)

From: <bugzilla@jessica.w3.org>
Date: Thu, 05 Aug 2010 14:30:59 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Oh1TH-0004fa-Id@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=9602





--- Comment #13 from Shelley Powers <shelleyp@burningbird.net>  2010-08-05 14:30:59 ---
(In reply to comment #12)
> They would also be "vulnerable" to each new event handler attribute, etc.
> Blacklisting never works as security measure.

Whether it is effective or not, it exists. You can't count on getting a
specific "JavaScript turned off" in order to determine whether to enable the
autofocus attribute or not, and still consider the attribute secure.

It is insecure, period.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Thursday, 5 August 2010 14:31:01 UTC