- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Thu, 6 Aug 2009 09:28:12 +0300
- To: Charles McCathieNevile <chaals@opera.com>
- Cc: "Richard Schwerdtfeger" <schwer@us.ibm.com>, "HTMLWG WG" <public-html@w3.org>, "W3C WAI-XTECH" <wai-xtech@w3.org>
On Aug 5, 2009, at 20:39, Charles McCathieNevile wrote:

> On Wed, 05 Aug 2009 08:46:59 -0400, Henri Sivonen <hsivonen@iki.fi> wrote:
>
>> * If the mapping from low-level platform APIs to a JS API is direct, malicious or incompetently written scripts can tell AT crazy things. Are ATs robust against apps telling them crazy things? Does the browser need to be able to sanitize the interaction instead of directly mapping the interfaces?
>
> This is a general problem. ATs and browsers have some rudimentary protection against crazy information (e.g. for the summary attribute), but there isn't a known general solution to this issue. I don't think that the risk of lazy, incompetent or malicious coding in canvas is likely to be far different from that in the rest of the web (i.e. I suspect it will probably be something like an order or two of magnitude more common than good practice). This is akin to "this doesn't open any *new* security holes" - it is a long way from perfect, but at least it enables us to do some useful things that we couldn't otherwise.

I didn't mean "crazy" as in semantically incorrect as far as the user is concerned. ARIA already provides enough rope for that.

I'm concerned about having untrusted and badly tested code talking more directly to AT where AT might be written to assume it is talking with trusted and tested code. That is, I'm concerned that a more direct API could drive AT into untested states that could be crashy.

Maybe this concern is a non-issue, and ATs are robust enough to deal. How do Java applets, Flash and Silverlight deal with untrusted code driving AT?

--
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Thursday, 6 August 2009 06:29:01 UTC