W3C home > Mailing lists > Public > public-html@w3.org > January 2009

RE: html sans html

From: Travis Leithead <Travis.Leithead@microsoft.com>
Date: Wed, 21 Jan 2009 17:06:37 -0800
To: Kornel Lesiński <kornel@geekhood.net>, Ian Hickson <ian@hixie.ch>
CC: "public-html@w3.org" <public-html@w3.org>
Message-ID: <0003CB8B8FE2154EB50431DB2B8F69C01BECC0C8C3@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>

An attempt at preventing some classes of spoofing attacks. Perhaps we'll clean it up next release...

See "Allow websites to prompt for information using scripted windows" in the Security Settings dialog to restore IE6 behavior.


-----Original Message-----
From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Kornel Lesinski
Sent: Wednesday, January 21, 2009 4:31 PM
To: Ian Hickson
Cc: public-html@w3.org
Subject: Re: html sans html

On 22.01.2009, at 00:07, Ian Hickson wrote:

>> I am pretty confident that IE6 didn't do this sort of thing, so I
>> fear
>> it is one of many of modern browsers' attempts to hobble my
>> quirk-infested ways of teaching subjects using technology when
>> chalk and
>> blackboards might be preferable. Does the spec address this and if so
>> whose browser is handling it correctly?
> Per HTML5, all but IE seem to be handling this correctly. Browsers
> that
> allowed the script to be aborted while the dialogs were up get extra
> credit.
> I don't understand IE's behavior... Is this an over-zealous popup
> blocker?

It's the fear of IE's Local Zone exploits. Pages opened form disk need
to have Mark of the Web to run without warnings:

Fortunately this behavior doesn't need to be specified in HTML5, as
other browsers don't have such policies, and MOTW causes nothing but

regards, Kornel
Received on Thursday, 22 January 2009 01:05:43 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:41 UTC