- From: Jim Ley <jim@jibbering.com>
- Date: Tue, 21 May 2002 14:56:06 -0000
- To: <w3c-wai-ua@w3.org>
"Jon Gunderson" <jongund@uiuc.edu> > I think that developers will not want to leave a hole open for programmatic > access to secure information. They can provide a secure API, but I don't > think this will work unless we have a spec available to show them now. I > don't think it is part of the current DOM requirements, but if it is then I > with draw my suggestion. I don't think we should require more information > be provided through the API than what the user would get through the > standard user interface. You can always do more. The value of the password element is already exposed in DOM 0 (and later), the asterixing is purely visual, it's often also misleading to user/developers that it is in some way more secure than other form elements, when it is not. I think it would be more useful to expose the value rather than the asterix's or blobs that are used now - it doesn't introduce any new security holes, and the information is not secure. For genuine secure information, that may be different, but do we have any? Jim.
Received on Tuesday, 21 May 2002 10:56:59 UTC