- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Fri, 5 Oct 2007 07:52:32 -0500
- To: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
Hey folks, In 7.3.1 (the robustness sections I added recently) there is a line that states: > Web user agents MUST NOT expose programming interfaces which permit > installation of software, or execution of privileged code without > user intervention. Tyler asked on a call whether this would be intended to cover things like signed ActiveX controls, which some browsers might want to execute automatically. I took an action to put the question to the list. My own sentiment is that yes, executing privileged code without asking the user's permission -- even if that code is signed -- is explicitly non-conforming. Unless we want to start specifying or referencing acceptable kinds of code-signing or -validation in some detail, I don't think it's worthwhile to try to write exceptions into this requirement, so my proposal is to leave the wording as-is. If you're unhappy with this restriction and want to propose alternative wording, or if you're basically in agreement, but think explanatory text needs to be added which addresses this situation, now's your chance! Cheers, J --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Friday, 5 October 2007 12:53:09 UTC