
Re: Seamless iframes + CSS3 selectors = bad idea

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 08 Dec 2009 07:32:44 -0800
Cc: "sird@rckc.at" <sird@rckc.at>, gaz Heyes <gazheyes@gmail.com>, Daniel Glazman <daniel@glazman.org>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
Message-id: <3C1FCC1C-F35B-4557-A870-33D6023FB2F3@apple.com>
To: Adam Barth <w3c@adambarth.com>

On Dec 8, 2009, at 1:40 AM, Adam Barth wrote:

> Does Giorgio have a way to measure how commonly he blocks these
> things?  That would be useful information for evaluating the costs of
> disabling attribute selectors entirely.  Before Daniel jumps all over
> me, I'll say that it's a data point that's worth knowing in balancing
> the security costs of a feature with its benefits.

Some sites from my Safari Top Sites wall that use attribute selectors:


This sample convinces me that removing attribute selectors entirely is  
probably not viable.

Received on Tuesday, 8 December 2009 15:33:18 UTC
