ISSUE-194 (SizeMatters): Window sizing a must [wsc-xit] from Web Security Context Working Group Issue Tracker on 2008-04-25 (public-wsc-wg@w3.org from April 2008)

From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Fri, 25 Apr 2008 18:14:41 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20080425181441.EF511C6DB0@barney.w3.org>

ISSUE-194 (SizeMatters): Window sizing a must [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko
On product: wsc-xit

http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#Robustness

Change SHOULD's to MUSTs in the following: 

Web user agents SHOULD restrict window sizing and moving operations 
consistent with 7.1.2 Keep Security Chrome Visible. This prevents attacks 
wherein browser chrome is obscured by moving it off the edges of the 
visible screen.
Web user agents SHOULD NOT allow web content to open new windows with the 
browser's security UI hidden. Allowing this operation facilitates 
picture-in-picture attacks, where artificial chrome (usually indicating a 
positive security state) is supplied by the web content in place of the 
hidden UI.

Received on Friday, 25 April 2008 18:15:11 UTC