Note review point - Scoping non-UI recs

Just one thing I wanted to raise for discussion, from my last review  
of the note.

Scope (§4 & §5)

It is not clear to me from the content on scoping whether we consider  
recommendations that don't require UI as being in-scope.  Example:

    There is conversation in the community around Mozilla supporting
    a "noscript" tag that would allow sites like MySpace to disable
    JavaScript execution on sites with user-supplied content.  There
    wouldn't be any UI hit here, the user agent would just quietly not
    execute potentially-dangerous code.

Putting aside the question of whether this particular recommendation  
would fall afoul of the "no introducing new technology" section 5.4,  
it seems like "user agents quietly fixing things" might be a fertile  
ground for recommendations.  Indeed, my own opinion is that a lot of  
web security issues are best handled quietly by the user agent  
instead of putting confusing information or questions to the user.

Does the group consider this kind of recommendation to be in scope,  
or do we concern ourselves only with interactions that explicitly  
include information/questions for the user?  In either event, it  
might be worthwhile to introduce clarifying language.  If a consensus  
is reached for or against, I will take an action to propose a text  
change to the group.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

Received on Wednesday, 4 April 2007 15:03:46 UTC