- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Tue, 13 May 2008 11:55:45 -0400
- To: Web Security Context Working Group WG <public-wsc-wg@w3.org>
I would agree with this change. However, the difference should be that the DANGER message appears to be much more severe. Maybe also make it harder to override, but not impossible (e.g. clicking an option in preferences). serge Web Security Context Working Group Issue Tracker wrote: > > ISSUE-198 (Be the user's agent and do their bidding): 6.4.4 Danger messages should not strictly forbid user agents from doing the user's bidding [wsc-xit] > > http://www.w3.org/2006/WSC/track/issues/ > > Raised by: Ian Fette > On product: wsc-xit > > Section 6.4.4 danger messages says "These interactions MUST be presented in a way that makes it impossible for the user go to or interact with the destination web site that caused the danger situation to occur." This is unacceptable, as the user agent is precisely that - the user's agent. The browser should never prevent the user from reaching the page that they wish. It can warn users, but should always offer a way to proceed, even if this includes some very longish set of steps to do so. At the end of the day though, the user must be able to proceed. > > My suggested change: Change that text to say "These interactions MUST be presented in a way that makes it impossible for the user go to or interact with the destination web site that caused the danger situation to occur, without first explicitly interacting with the Danger Message." > > I'm really having trouble reasoning if there should be a difference between DANGER and WARNING at all. Perhaps the only difference is that the text is harsher in DANGER messages? > > > > -- -- /* PhD Candidate Carnegie Mellon University "Whoever said there's no such thing as a free lunch was never a grad student." All views contained in this message, either expressed or implied, are the views of my employer, and not my own. */
Received on Tuesday, 13 May 2008 15:56:28 UTC