[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

From: Bonner, Matt <matt.bonner@hp.com>
Date: Tue, 7 Oct 2008 23:17:07 +0000
Message-ID: <57221E38FB4DD54C946CE654959A554D1AB1A01F49@GVW0436EXB.americas.hpqcorp.net>

not speaking for HP here...

Elliotte Harold wrote:

> I don't have time to respond in detail to each of the valid points
> you raise.  I may later. However each of them can be handled in a
> different way that doesn't require third party content and mashups.
> The reason we have designed these systems this way is because it was
> quick and easy, not because it was the only way to do these tasks. 

That seems overly simplified.  Allowing links across sites creates
networks. I can link to a graph of the TED spread [1], to a real-time 
picture of the traffic on a nearby freeway and to a calendar gadget 
from three different sites because those sites are authorities for 
those topics.

Of course there's your way around all that: making local copies. But 
that brings obvious costs in network and disk usage. Also, the same-
host restriction raises the barrier to the average user making a web 
page.  And quite obviously, many companies would take umbrage if page
authors copied their contents. There are doubtless other problems w/
the same-host approach, but these are a few big ones I see.

Matt

[1] http://en.wikipedia.org/wiki/TED_spread
Received on Tuesday, 7 October 2008 16:17:07 UTC