- From: Allan Sandfeld Jensen <kde@carewolf.com>
- Date: Tue, 5 Dec 2006 11:25:53 +0100
- To: www-style@w3.org
On Tuesday 05 December 2006 11:11, Octavio Alvarez Piza wrote: > On Sat, 2 Dec 2006 10:00:36 -0500 > > "Robert Chapin" <w3-list@info-svc.com> wrote: > > If UAs interpret this property as a display feature for non-password > > inputs, then a phisher could create a quasi-password input under CSS3 > > that appears identical to a legitimate password input. > > Or worse, if by any chance (intentional, technical failure or otherwise) > the CSS file never gets to the UA or gets severely delayed, the "trusted" > passwords would be left unprotected to the sight of everybody near that PC. > Well hopefully the UA will not autocomplete to a non-password fields using data that has been entered into a password field. `Allan
Received on Tuesday, 5 December 2006 10:26:14 UTC