- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 08 Nov 2007 17:41:42 -0600
- To: Julian Reschke <julian.reschke@gmx.de>, "public-html@w3.org" <public-html@w3.org>
Julian Reschke wrote: > I don't see anything in Amazon, for instance, being a link but unsafe. As I always tell my students, as single example does not a proof make. In general, there are lots of sites out there making links look like buttons, making divs look like both, and doing weird stuff (JS execution, AJAX requests, etc) on link clicks.. > I do see lots of buttons that may initiate something safe, but links being > safe is the thing which is important, not buttons being unsafe. Perhaps a usability study is in order to see whether users really make this distinction: links are always safe but buttons might be unsafe. > How can it be not on purpose. It's not trivial to hide a POST behind a > text link. Sure it is. <a onclick="form.sumbit()">. > Let's educate web designers not to do that. Good luck. > More stuff that enables web pages to initiate a POST when it looks like > simple link navigation. I think you're trying to get the door closed after the horse escaped and the barn burned down.... -Boris
Received on Thursday, 8 November 2007 23:42:04 UTC