- From: Gervase Markham <gerv@mozilla.org>
- Date: Fri, 8 Apr 2016 14:38:53 +0100
- To: Rich Schwerdtfeger <richschwer@gmail.com>
- Cc: Virginie.Galindo@gemalto.com, public-web-security@w3.org, ARIA <public-aria@w3.org>, Mike Cooper <cooper@w3.org>
On 06/04/16 21:27, Rich Schwerdtfeger wrote: > ARIA is not meant to be the web police. The reality is that people are > doing this in the wild and if you are interacting with one of these > things and you can’t see the screen you want to know what the intent of > the author is. So the target of this feature is people who care enough about web accessibility to include ARIA roles, but not enough to use semantic markup? > So, we agree that people should not do this but if a user encounters it > they need to know what it is for. Does adding the role attribute with a > value of “password" create a security problem that was not there before? Well, it encourages people to use non-password fields for passwords, which is arguably a security problem because if people's password managers don't save the passwords, they are more likely to use bad (simple, short) passwords. Gerv
Received on Friday, 8 April 2016 13:39:24 UTC