- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 2 Dec 2008 10:47:48 +0000 (UTC)
On Mon, 17 Nov 2008, Samuel Santos wrote: > On Wed, Nov 12, 2008 at 12:14 AM, Ian Hickson <ian at hixie.ch> wrote: > > On Tue, 11 Nov 2008, Samuel Santos wrote: > > > >> On Thu, 6 Nov 2008, Samuel Santos wrote: > > > >> > > > > >> > If changing the button text can be a security issue (e.g. > > > >> > induce the user to an action that he's not aware of), we can > > > >> > come up with some solutions. > > > >> > > > > >> > What about allowing the Author to change the control's locale? > > > >> > By doing so, the UA can then render the button with the same > > > >> > locale as the application without compromising the security. > > > >> > > > >> It seems like browsers should do this already based on the > > > >> lang="" attribute. I recommend asking browser vendors to > > > >> implement this. > > > > > > > > @lang will definitively fix the problem if browsers are willing to > > > > implement it. > > > > > > Ian, can I ask you to please check this with browser vendors? > > > > I don't think the problem is worth fixing, so I'm probably not the > > best person to convince them. :-) > > Ian, I've find it really hard to convince someone from english speaking > countries that this is an issue. But it really is. As is the limitation > of decoration of this control. As I noted above, I recommend asking browser vendors to implement this. > What I'm really trying here is to have a valid option in HTML5 so we don't > have to rely on techniques like these: > - http://swfupload.org/ > - http://www.quirksmode.org/dom/inputfile.html This is a security nightmare waiting to happen -- I'm surprised browsers let you even change the opacity. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 2 December 2008 02:47:48 UTC