Re: [whatwg] Proposal: Write-only submittable form-associated controls. from Eduardo' Vela\ on 2014-10-17 (public-whatwg-archive@w3.org from October 2014)

From: Eduardo' Vela\ <evn@google.com>
Date: Fri, 17 Oct 2014 12:19:50 +0200
To: Mike West <mkwst@google.com>
Cc: WHAT Working Group Mailing List <whatwg@whatwg.org>
Message-ID: <CAFswPa8_L3SdCGqM85FQB3ZT_HunOL32jfdMaZaqphKCAKX_Jg@mail.gmail.com>

I would be happy to be proven wrong, but it's unlikely the amount of effort
this will incur will be worth the small number of sites that will use it
(large sites probably won't, and small sites, as usual, won't even know
about it's existence). In addition, it's going to be such a fragile
security control that I suspect will be the next XSS Auditor in terms of "a
bypass is always 1 hour away".

Received on Friday, 17 October 2014 10:20:36 UTC