[whatwg] Select element suggestion

Tab Atkins Jr. jackalmage at gmail.com
Tue Jul 15 12:01:34 PDT 2008

On Tue, Jul 15, 2008 at 1:30 PM, Gervase Markham <gerv at mozilla.org> wrote:

> Csaba Gabor wrote:
>> Therefore, it makes sense to float those values to the top of the
>> select element in a reasonable way.  What's reasonable?  I would like
>> to suggest: frequencyLimit=percent
> I assume you would want this to work across different sites? If so, you
> have a privacy problem. I can tell with fairly good certainty what state you
> are from without you telling me; I just set up a hidden one of these and
> query the DOM. I can also find out the expiry month and year of your main
> credit card.
> Gerv

Good catch.  The proposed implementation appears to intended to be
cross-site, as it would key the frequency data off of the checksum computed
from the select (that is, purely from the chunk of code that the select
comprises).  It would not be difficult for evil sites to simply copy the
exact structure of <select>s on major sites and do as you suggest.

Perhaps checksumming off of a combination of the select text and the URI of
the document?  This reduces the ability to have, say, Texas always float to
the top of select elements, but that's already out of the question.  At
least it would allow a single often-visited site to compile your usage

A thought:  the intended use of the suggestion (allowing <select>s across
the internet to auto-recognize you) isn't likely to work in any case, simply
because it's unlikely that many sites will write their code exactly the
same.  Nearly all sites would have to recognize your preferences
individually and associate them with a personal checksum.  The only sites
that are likely to benefit from your expressed preferences are the
individual sites you select on, and evil sites doing as Gervase suggests.

As well, though an intelligent implementation of this *would* be somewhat
convenient in reducing keystrokes, it produces a potential decrease in
usability when different sites place your preferred selection in vastly
different places.  Existing practices produce nearly identical selects in
the cases that this proposal is intended for (common dropdowns, like state
and such), merely because there is already a defined ordering and most
places just copy their code from someone else because it's easier than
typing out all of the options.  I know that I get *very* confused when
United States isn't in its expected place (at the top of the list, of
course, since I'm such a country chauvinist), and would have a similar
problem if my state were moved around - I've internalized about how far down
I need to scroll to see my state on a dropdown.

