[whatwg] Please disallow "javascript:" URLs in browser address bars

Luke Hutchison luke.hutch at mit.edu
Thu Jul 22 21:58:30 PDT 2010


I should add that to complicate things, not all the social engineering
directions make it clear to the user that they will be pasting stuff
into the address bar: e.g. I got one called "World's Hardest Riddle"
that selected the text in the box for you somehow and then told the
user that to see the riddle they had to type Ctrl-C, Alt-D, Ctrl-V,
Enter.  (i.e. copy, go to address bar, paste, enter -- but how many
users even know what Alt-D does??  Most users would just think this
was some magic key sequence used to unlock the riddle...)

Thanks for the link to the Firefox bug, Daniel -- looks like you came
across the same trick as described in your comment.

