- From: Mary Ellen Zurko <mzurko@us.ibm.com>
- Date: Wed, 21 Oct 2009 10:03:21 -0400
- To: Thomas Roessler <tlr@w3.org>
- Cc: WSC WG public <public-wsc-wg@w3.org>
Received on Wednesday, 21 October 2009 14:03:54 UTC

Looks good to me. I believe during our last conference call we decided to go with this as it is.

> I propose this text for 7.4.3:
>
> User agents often include features that enable Web content to update
> the user's bookmark file, e.g. through a JavaScript API. If
> permitted unchecked, these features can serve to confuse users by,
> e.g., placing a bookmark that goes by the same name as the user's
> bank, but points to an attacker's site.
>
> Web user agents MUST NOT permit Web content to add bookmarks without
> explicit user consent.
>
> Web user agents MUST NOT permit Web content to add URIs to the
> user's bookmark collection that do not match the URI of the page
> that the user currently interacts with.
>
> This addresses Adam's concern as discussed during the last conference call.
