ISSUE-232

Clarifications for 7.4.1 (Obscuring or disabling Security User Interfaces)

State:
OPEN
Product:
wsc-xit
Raised by:
Thomas Roessler
Opened on:
2009-09-21
Description:
From LC-2255:

> Web user agents MUST prevent web content from obscuring, hiding, or disabling security user interfaces.

This is impossible in a multi-window web user agent in an overlapping
window manager (e.g., every major browser on every major
general-purpose operating system).

> Web user agents MUST NOT allow web content to open new windows with the browser's security UI hidden.

This precludes innovative solutions to the full-screen video problem,
like Flash's disabling of the keyboard to prevent password theft.

> Web user agents MUST prevent web content from overlaying chrome. User interactions that are perceived to deal with browser chrome must not be detectable for Web content.

This is generally not the case for keyboard user interactions.  In
typical user agents, keyboard events are sent to the content area
before being processed by browser chrome.
Related Actions Items:
No related actions
Related emails:
  1. Re: Agenda: WSC WG distributed meeting, Wednesday, 2009-10-14 (from ifette@google.com on 2009-10-13)
  2. Re: Agenda: WSC WG distributed meeting, Wednesday, 2009-10-14 (from yngve@opera.com on 2009-10-13)
  3. Agenda: WSC WG distributed meeting, Wednesday, 2009-10-14 (from mzurko@us.ibm.com on 2009-10-13)
  4. ISSUE-232: Clarifications for 7.4.1 (Obscuring or disabling Security User Interfaces) [wsc-xit] (from sysbot+tracker@w3.org on 2009-09-21)

Related notes:

No additional notes.

Display change log ATOM feed

Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker, originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.231 2009/11/16 15:00:54 dom Exp $