- From: Travis Leithead <Travis.Leithead@microsoft.com>
- Date: Wed, 21 Jan 2009 17:06:37 -0800
- To: Kornel Lesiński <kornel@geekhood.net>, Ian Hickson <ian@hixie.ch>
- CC: "public-html@w3.org" <public-html@w3.org>
<shrug> An attempt at preventing some classes of spoofing attacks. Perhaps we'll clean it up next release... </shrug> See "Allow websites to prompt for information using scripted windows" in the Security Settings dialog to restore IE6 behavior. -Travis -----Original Message----- From: public-html-request@w3.org [mailto:public-html-request@w3.org] On Behalf Of Kornel Lesinski Sent: Wednesday, January 21, 2009 4:31 PM To: Ian Hickson Cc: public-html@w3.org Subject: Re: html sans html On 22.01.2009, at 00:07, Ian Hickson wrote: >> I am pretty confident that IE6 didn't do this sort of thing, so I >> fear >> it is one of many of modern browsers' attempts to hobble my >> quirk-infested ways of teaching subjects using technology when >> chalk and >> blackboards might be preferable. Does the spec address this and if so >> whose browser is handling it correctly? > > Per HTML5, all but IE seem to be handling this correctly. Browsers > that > allowed the script to be aborted while the dialogs were up get extra > credit. > > I don't understand IE's behavior... Is this an over-zealous popup > blocker? It's the fear of IE's Local Zone exploits. Pages opened form disk need to have Mark of the Web to run without warnings: http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx Fortunately this behavior doesn't need to be specified in HTML5, as other browsers don't have such policies, and MOTW causes nothing but confusion. -- regards, Kornel
Received on Thursday, 22 January 2009 01:05:43 UTC