[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Robert O'Callahan robert at ocallahan.org
Sun Sep 28 14:15:12 PDT 2008


On Mon, Sep 29, 2008 at 12:17 AM, Michal Zalewski <lcamtuf at dione.cc> wrote:

> On Sun, 28 Sep 2008, Robert O'Callahan wrote:
>
>  There is no way in the world that Microsoft would implement your option 3
>> in a security update to IE6.
>>
>
> Sure, I'm not implying this. I simply have doubts about any other major
> security changes making it into MSIE8 or Firefox 3.
>

As one of the people who makes these decisions, I can tell you that I'd be a
lot more comfortable cramming option 1 into Firefox 3 or 3.1 than option 3.
Apart from the other reasons I've already raised, option 1, being much
simpler and with few degrees of freedom, would take a lot less time to
analyze and converge on a spec.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080929/234fd73b/attachment-0001.htm>


More information about the whatwg mailing list