W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2010

[whatwg] Please disallow "javascript:" URLs in browser address bars

From: Ryosuke Niwa <ryosuke.niwa@gmail.com>
Date: Fri, 23 Jul 2010 11:36:05 -0700
Message-ID: <AANLkTikGrXgE=NxHM=QLkvvFFVU16CkQ_uX_P-TabX1g@mail.gmail.com>
I second that call.  While your suggestion seems to prevent some existing
social engineering, you must realize that HTML5 isn't going to be
recommended until ~2020.  By that time, everything we talk about social
engineering today will be completely obsolete.  Things like this are best
left to be taken care by UA vendors.  I suggest that you write a formal
request and send it to major UA vendors such as Apple, Google, Microsoft,
Opera, etc...

On Fri, Jul 23, 2010 at 8:26 AM, Jo?o Eiras <joaoe at opera.com> wrote:

> On Thu, 22 Jul 2010 21:32:39 +0100, Luke Hutchison <luke.hutch at mit.edu>
> wrote:
>  [snip]
>> Comments, please?
> This is entirely out of scope of any specification and 100% an user agent
> UI issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100723/ed1add49/attachment.htm>
Received on Friday, 23 July 2010 11:36:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:25 UTC