- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 08 Dec 2009 07:32:44 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: "sird@rckc.at" <sird@rckc.at>, gaz Heyes <gazheyes@gmail.com>, Daniel Glazman <daniel@glazman.org>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
On Dec 8, 2009, at 1:40 AM, Adam Barth wrote: > > Does Giorgio have a way to measure how commonly he blocks these > things? That would be useful information for evaluating the costs of > disabling attribute selectors entirely. Before Daniel jumps all over > me, I'll say that it's a data point that's worth knowing in balancing > the security costs of a feature with its benefits. Some sites from my Safari Top Sites wall that use attribute selectors: http://digg.com/ http://reddit.com/ http://metafilter.com/ http://marginalrevolution.com/ http://kongregate.com/ This sample convinces me that removing attribute selectors entirely is probably not viable. Regards, Maciej
Received on Tuesday, 8 December 2009 15:33:18 UTC