- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 11 Apr 2007 14:20:25 +0200
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: public-wsc-wg@w3.org
On 2007-04-10 20:25:33 -0000, Close, Tyler J. wrote: > I think there is a semantic difference between the user agent > applying a set of user-specific stylesheets and the user agent > inventing its own page style based of failure to fetch specified > stylesheets. The latter scenario is a plausible attack vector for > phishing. I think an indicator that communicates that the current > rendering does not reflect the will of either the user or the > page designer could be valuable. I'd submit that this would likely be undecidable. Consider that Web Content might include scripting that might do whatever unintended things based on the fact that the client runs on an unintended platform. How do you determine if that leads to the intended rendering? Consider different levels of CSS conformance. Consider different levels of HTML conformance. Consider all kinds of constraints both on the user agent and in the network that might influence the rendering. I'd also argue it's useless and troublesome from a web architecture point of view, since part of the strength of that architecture is the notion that there is a separation of presentation and content. That implies that different presentations of the same content are essentially deemed appropriate (indeed, they are often necessary). The difference that you really want to determine is the one between the content communicated to the user by the current presentation and the content that was intended to be communicated. I don't think we can tackle that by way of an indicator. However, I'm wondering if there's value to a robustness mechanism that disables some of the factors that make a "this is what's intended" indicator so troublesome -- scripting in particular? -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 11 April 2007 12:20:01 UTC