- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Tue, 10 Apr 2007 20:25:33 -0000
- To: <public-wsc-wg@w3.org>
> From: Thomas Roessler [mailto:tlr@w3.org] > Coming back to the "has page complete rendering" piece of > context, I wonder if there is a security-related motivation > for looking at it that is different from the issues that you > get when content can be presented in multiple ways, possibly > by way of multiple modalities. > > If there is no such motivation, then I'd respectfully suggest > we drop it. I think there is a semantic difference between the user agent applying a set of user-specific stylesheets and the user agent inventing its own page style based of failure to fetch specified stylesheets. The latter scenario is a plausible attack vector for phishing. I think an indicator that communicates that the current rendering does not reflect the will of either the user or the page designer could be valuable. Tyler
Received on Tuesday, 10 April 2007 20:25:53 UTC