- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 27 Aug 2012 10:59:36 -0700
- To: yuming huang <http.client.security@hotmail.com>
- Cc: public-web-security@w3.org
You might not get the kinds of responses you're looking for from this mailing list. You might find better information from OWASP: https://www.owasp.org/ Adam On Fri, Aug 24, 2012 at 2:06 PM, yuming huang <http.client.security@hotmail.com> wrote: > Hi, > > The following questions are about current HTML standard (HTML 4.0, 4.1, > 5.0?), as well as actual implementations (Internet Explorer, Firefox, > Chrome). > > 1. Is silent download other than the HTML file itself allowed? How does it > work if possible? How to prevent it from happening? > For example(IE), a user types in a url and hits enter key. IE renders a web > page (user sees it) and downloads a binary file silently to user's PC (user > does not know). Later the binary gets to run. > > 2. What are the means for web server to collect infomation from a web client > user? Form, Cookie, browser signature... > > > I searched http://lists.w3.org/Archives/Public/public-web-security/ but > found no result. > > > Thanks! > >
Received on Monday, 27 August 2012 18:00:40 UTC