- From: Octavio Alvarez Piza <alvarezp@alvarezp.ods.org>
- Date: Tue, 5 Dec 2006 02:11:40 -0800
- To: "Robert Chapin" <w3-list@info-svc.com>
- Cc: www-style@w3.org
On Sat, 2 Dec 2006 10:00:36 -0500 "Robert Chapin" <w3-list@info-svc.com> wrote: > If UAs interpret this property as a display feature for non-password inputs, > then a phisher could create a quasi-password input under CSS3 that appears > identical to a legitimate password input. Or worse, if by any chance (intentional, technical failure or otherwise) the CSS file never gets to the UA or gets severely delayed, the "trusted" passwords would be left unprotected to the sight of everybody near that PC. Octavio.
Received on Tuesday, 5 December 2006 10:12:00 UTC