W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2008

[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

From: Robert O'Callahan <robert@ocallahan.org>
Date: Mon, 29 Sep 2008 10:15:12 +1300
Message-ID: <11e306600809281415s477a7a6co7c230eb5deb84891@mail.gmail.com>
On Mon, Sep 29, 2008 at 12:17 AM, Michal Zalewski <lcamtuf at dione.cc> wrote:

> On Sun, 28 Sep 2008, Robert O'Callahan wrote:
>  There is no way in the world that Microsoft would implement your option 3
>> in a security update to IE6.
> Sure, I'm not implying this. I simply have doubts about any other major
> security changes making it into MSIE8 or Firefox 3.

As one of the people who makes these decisions, I can tell you that I'd be a
lot more comfortable cramming option 1 into Firefox 3 or 3.1 than option 3.
Apart from the other reasons I've already raised, option 1, being much
simpler and with few degrees of freedom, would take a lot less time to
analyze and converge on a spec.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080929/234fd73b/attachment.htm>
Received on Sunday, 28 September 2008 14:15:12 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:05 UTC