Re: Security Evaluation Request

On 06/04/16 21:27, Rich Schwerdtfeger wrote:
> ARIA is not meant to be the web police. The reality is that people are
> doing this in the wild and if you are interacting with one of these
> things and you can’t see the screen you want to know what the intent of
> the author is. 

So the target of this feature is people who care enough about web
accessibility to include ARIA roles, but not enough to use semantic markup?

> So, we agree that people should not do this but if a user encounters it
> they need to know what it is for. Does adding the role attribute with a
> value of “password" create a security problem that was not there before?

Well, it encourages people to use non-password fields for passwords,
which is arguably a security problem because if people's password
managers don't save the passwords, they are more likely to use bad
(simple, short) passwords.

Gerv

Received on Friday, 8 April 2016 13:39:24 UTC