W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: UI issues for security consideration

From: Eduardo Vela <sirdarckcat@gmail.com>
Date: Fri, 4 Dec 2009 22:21:10 +0800
Message-ID: <8ba534860912040621l2fb59370q49c2629859abf5d9@mail.gmail.com>
To: public-web-security@w3.org
I think the wiki should include examples, and I think security community
will be happy to provide them.. if noone opposes against that I'll start
doing so when I find time.

Regarding UI issues, maybe covering LTR/RTL chars on browser's dialog boxes
would be wise on the Spoofing section.

Stuff like:

"The website [URL] wants to be your default homepage, ok? [OK]"

with this input:


will be shown in some browser's dialogs as:

The website wants to show you some cool stuff! check it out:
http://www.google.com/obfuscated?x?ko ,egapemoh tluafed rouy eb ot

Some rather popular browser has an issue like this.. and they aint fixing

-- Eduardo

Sent from Hangzhou, 33, China
Received on Saturday, 5 December 2009 14:29:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:23 UTC