http client side security issues from yuming huang on 2012-08-24 (public-web-security@w3.org from August 2012)

From: yuming huang <http.client.security@hotmail.com>
Date: Fri, 24 Aug 2012 16:06:15 -0500
To: <public-web-security@w3.org>
Message-ID: <BAY162-W4317A44CC84E3604030E2D8BD0@phx.gbl>

Hi,
 
The following questions are about current HTML standard (HTML 4.0, 4.1, 5.0?), as well as actual implementations (Internet Explorer, Firefox, Chrome).
 
1. Is silent download other than the HTML file itself allowed?  How does it work if possible?   How to prevent it from happening?  
For example(IE), a user types in a url and hits enter key. IE renders a web page (user sees it) and downloads a binary file silently to user's PC (user does not know).  Later the binary gets to run.
 
2. What are the means for web server to collect infomation from a web client user?  Form, Cookie, browser signature...

 
I searched http://lists.w3.org/Archives/Public/public-web-security/  but found no result.
 
 
Thanks!

Received on Sunday, 26 August 2012 12:18:46 UTC