- From: Anil Saldhana <Anil.Saldhana@redhat.com>
- Date: Tue, 25 Sep 2007 23:27:39 -0500
- To: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Johnathan,
the content has been transferred into the draft. Please inform if you have further comments.
http://www.w3.org/2006/WSC/drafts/rec/rewrite.xml

Cheers,
Anil

Thomas Roessler wrote:
> On 2007-09-18 21:06:00 -0400, Johnathan Nightingale wrote:
>
>> It's late, but I've taken a crack at putting the existing Mozilla
>> robustness practices into rec track document language. The
>> original wiki page is here:
>>
>> http://www.w3.org/2006/WSC/wiki/NoteMozillaCurrentPractice
>>
>
>> Proposed:
>>
>> That the placeholder content in section 7.3 be replaced with:
>>
>
> Excellent, thanks! This looks like a good starting point. I wonder
> if it makes sense to break this material down in some more detail,
> and map it to individual DOM APIs (however, we shouldn't limit it to
> these); it's probably worth discussing this general laundry list
> with the WebAPIs WG.
>
> I'll probably have more comments; however, from a quick skim through
> this material, I think I can wait with them till we've got an FPWD
> out.
>
>> 7.3 APIs exposed to Web content
>>
>> User agents commonly allow web content to perform certain manipulations of
>> agent UI and functionality (opening new windows, resizing existing windows,
>> etc.) to permit customization of the user experience. These manipulations
>> must be properly constrained to prevent malicious sites from concealing or
>> obscuring important elements of the browser interface, or deceiving the user
>> into performing dangerous acts. This section includes requirements and
>> techniques to address known attacks of this kind.
>>
>> 7.3.1 Requirements (Normative)
>>
>> * Web user agents MUST prevent web content from obscuring, hiding, or
>> disabling security UI.
>> * Web user agents MUST NOT expose programming interfaces which permit
>> installation of software, or execution of privileged code without user
>> intervention.
>>
>> 7.3.2 Techniques (Normative)
>>
>> * Web user agents SHOULD restrict window sizing and moving operations to the
>> visible desktop, where applicable. This prevents attacks wherein browser
>> chrome is obscured by moving it off the edges of the visible screen.
>> * Web user agents SHOULD NOT allow web content to open new windows with the
>> browser's security UI hidden. Allowing this operation facilitates
>> picture-in-picture attacks, where artificial chrome (usually indicating a
>> positive security state) is supplied by the web content in place of the
>> hidden UI.
>> * Web user agents MUST inform the user and request consent when web content
>> attempts to install or execute software outside of the browser environment.
>> ** When informing users of this event, web user agents MUST employ a user
>> interface which prevents immediate click through (e.g. with a briefly
>> disabled OK button.) This prevents click-through and "whack a mole" attacks
>> where users are encouraged by nuisance elements to continually click in a
>> given location.
>> * Web user agents SHOULD use difficult-to-spoof UI elements that cross the
>> chrome-content border where appropriate.
>> ** Web user agents MUST prevent web content from overlaying chrome.
>> * Web user agents MAY restrict the opening of pop-up windows from web
>> content, particularly those not initiated by user action. Creating
>> excessive numbers of new popup windows is a technique that can be used to
>> condition users to rapidly dismissing dialogs. This can be employed in
>> "whack-a-mole" attacks as mentioned above.
>> ** Web user agents which offer this restriction SHOULD offer a way to extend
>> permission to individual trusted sites. Failing to do so encourages users
>> who desire the functionality on certain sites to disable the feature
>> universally.
>>
>> I also propose that I buy Mez a beer to apologize for taking so long.
>>
>> Cheers,
>>
>> J
Received on Wednesday, 26 September 2007 04:27:56 UTC
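
The window-related techniques quoted in 7.3.2 above (keep windows on the visible desktop, never hide security UI, restrict pop-ups with a per-site allowance), sketched as a user-agent-side policy check. This is an added example, not code from Mozilla, the WSC draft or any participant in this thread; every name in it (`decideWindowOpen`, `MIN_SIZE`, `SECURITY_UI`, the request fields) and the sample origins and screen size are assumptions made for illustration.

```javascript
// Added illustration: hypothetical policy applied by a user agent to a
// window-open request from web content. All names are assumptions.
const MIN_SIZE = 100; // assumed floor so a window cannot shrink to a sliver
const SECURITY_UI = ["location", "status"]; // chrome treated as security UI here

const clamp = (v, lo, hi) => Math.min(Math.max(v, lo), hi);
// Missing, NaN or infinite values fall back to a default instead of propagating.
const num = (v, dflt) => (Number.isFinite(v) ? v : dflt);

function decideWindowOpen(req, desktop, trustedOrigins) {
  // Pop-up restriction: allow user-initiated opens, or origins the user has
  // explicitly trusted (the per-site permission, so nobody disables it globally).
  if (!req.userInitiated && !trustedOrigins.has(req.origin)) {
    return { allowed: false, reason: "popup-blocked" };
  }
  // Size first, then position, so the whole window stays inside the visible
  // desktop and its chrome cannot be pushed past a screen edge.
  const width = clamp(num(req.width, desktop.width), MIN_SIZE, desktop.width);
  const height = clamp(num(req.height, desktop.height), MIN_SIZE, desktop.height);
  const left = clamp(num(req.left, desktop.left), desktop.left,
                     desktop.left + desktop.width - width);
  const top = clamp(num(req.top, desktop.top), desktop.top,
                    desktop.top + desktop.height - height);
  // Requests to hide security UI are ignored; record them for logging.
  const overridden = SECURITY_UI.filter((k) => req[k] === false);
  return { allowed: true, left, top, width, height,
           location: true, status: true, overridden };
}

// Constructed sample input: a 1280x800 desktop and one trusted origin.
const desktop = { left: 0, top: 0, width: 1280, height: 800 };
const trusted = new Set(["https://intranet.example"]);

// Content asks for an off-screen window with the location bar hidden.
const offscreen = decideWindowOpen(
  { origin: "https://site.example", userInitiated: true,
    left: -400, top: 5000, width: 600, height: 400, location: false },
  desktop, trusted);
console.log(offscreen);
```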