- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 14 Oct 2009 13:24:26 +0200
- To: WSC WG public <public-wsc-wg@w3.org>
- Message-Id: <C243E6B7-C691-4816-9D06-4600EBB55DD4@w3.org>

I propose this text for 7.4.3:

> User agents often include features that enable Web content to update
> the user's bookmark file, e.g. through a JavaScript API. If
> permitted unchecked, these features can serve to confuse users by,
> e.g., placing a bookmark that goes by the same name as the user's
> bank, but points to an attacker's site.
>
> Web user agents MUST NOT permit Web content to add bookmarks without
> explicit user consent.
>
> Web user agents MUST NOT permit Web content to add URIs to the
> user's bookmark collection that do not match the URI of the page
> that the user currently interacts with.

This addresses Adam's concern as discussed during the last conference call.

However, looking at the second MUST NOT, I'm having second thoughts:

- Presumably, fragment identifiers don't play a role in the "match" here. That would need a mention.

- There might be innocuous (or even beneficial) cases that user agents can determine are safe, but that aren't permitted here. E.g., a web site might want to bookmark an https version of itself, off the http version. We currently forbid that.

I don't know that we'll be able to enumerate all the salient cases, but (gasp) wonder about a SHOULD NOT instead of the MUST NOT here.

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>

Received on Wednesday, 14 October 2009 11:24:30 UTC
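
One way a user agent could apply the two MUST NOT rules from the proposed text, as an added JavaScript example that is not part of the original message or of the WSC draft. It assumes "match" means equality after dropping the fragment identifier (the message only presumes this); the function names and reason strings are hypothetical.

```javascript
// Added illustration; not code from the WSC draft or any browser.
// Assumption: two URIs "match" when they are equal after parsing and
// removing the fragment identifier. The draft text does not define this.

function stripFragment(uri) {
  const u = new URL(uri);   // throws TypeError on unparsable input
  u.hash = "";              // drop "#fragment"
  return u.href;            // parser has lowercased host, removed default port
}

// pageUri:       URI of the page the user currently interacts with
// requestedUri:  URI that Web content asks to add as a bookmark
// userConsented: outcome of an explicit user prompt (first MUST NOT)
function checkBookmarkRequest(pageUri, requestedUri, userConsented) {
  let page, requested;
  try {
    page = new URL(stripFragment(pageUri));
    requested = new URL(stripFragment(requestedUri));
  } catch (e) {
    return { allowed: false, reason: "unparsable-uri" };
  }

  // Second MUST NOT: the bookmarked URI has to match the current page.
  if (page.href !== requested.href) {
    // The case raised in the message: same site and resource, http -> https.
    // Under the strict MUST NOT wording this is still refused; it is
    // reported separately so a SHOULD NOT policy could treat it differently.
    const httpsUpgrade =
      page.protocol === "http:" && requested.protocol === "https:" &&
      page.host === requested.host &&
      page.pathname === requested.pathname &&
      page.search === requested.search;
    return { allowed: false,
             reason: httpsUpgrade ? "https-upgrade-forbidden" : "uri-mismatch" };
  }

  // First MUST NOT: no bookmark without explicit user consent.
  if (!userConsented) {
    return { allowed: false, reason: "no-user-consent" };
  }
  return { allowed: true, reason: "ok" };
}
```
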