- From: Ian Fette <ifette@google.com>
- Date: Thu, 17 Jan 2008 10:36:59 -0800
- To: public-wsc-wg@w3.org
- Message-ID: <bbeaa26f0801171036q66f6a541xd65c5d1837a75eb3@mail.gmail.com>
I am not sure I fully understand the new text. "The editor bar MUST be displayed..." - is this saying it must be omnipresent, or that when it is displayed after being invoked by the user, it should have the customized theme etc? On Jan 17, 2008 9:54 AM, Thomas Roessler <tlr@w3.org> wrote: > > I've moved most of the Wiki text about picture-in-picture attacks > [1] into the current editor's draft: > > Many graphical user agents are vulnerable to picture-in-picture > attacks: Graphic and script elements within an HTML page are used > to simulate the look and feel of browser chrome. The attacker's > goal is to recreate a convincing mockup of the browser chrome > entirely within the content page, in order to provide (false) > indicators of security to the user. > > In these user agents, the editor bar MUST be displayed using a > theme customized to the user. The user selects this theme at > browser installation time and it remains forever the same. The > icon for the Contacts button MUST also be selected by the user at > installation time. > > -- > http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-picture-in-picture > > 1. http://www.w3.org/2006/WSC/wiki/NoteTestCases > > I believe that ISSUE-126 can be closed. > > Regards, > -- > Thomas Roessler, W3C <tlr@w3.org> > >
Received on Thursday, 17 January 2008 18:37:10 UTC