- From: Michael Cooper <cooper@w3.org>
- Date: Wed, 10 Dec 2014 12:58:08 -0500
- To: public-webappsec@w3.org, WAI Liaison <wai-liaison@w3.org>
- Message-ID: <548889B0.2050700@w3.org>
The Protocols and Formats Working Group has reviewed the Mixed Content
specification and has two comments:
1) Section 4.3 - UI Requirements
http://www.w3.org/TR/2014/WD-mixed-content-20140722/#requirements-ux
There is a requirement that the UI have a visual indication as to
whether the connection is secure or not:
If a request for optionally blockable passive resources which are
mixed content is not treated as active content (per requirement #3
above), then the user agent MUST NOT provide the user with a visible
indication that the top-level browsing context which loaded that
resource is secure (for instance, via a green lock icon). The user
agent SHOULD instead display a visible indication that mixed content
is present.
It is important to have a requirement that the indication is also
available to assistive technology. Current implementations have an image
icon that is not made available to accessibility APIs.
2) Section 4.4 - User Controls
http://www.w3.org/TR/2014/WD-mixed-content-20140722/#requirements-user-controls
There are some MAY statements about user agents offering controls to
limit exposure to blockable passive content and active mixed content.
Such controls need to be available to the assistive technology as well.
For the PFWG,
Michael Cooper
Received on Wednesday, 10 December 2014 17:58:18 UTC