ISSUE-28: What specific attacks are prevented by OS screenshots, should this be recommended against generally?


State:
PENDING REVIEW
Product:
UI Security
Raised by:
Opened on:
2012-11-01
Description:
The use of OS-level screenshots for the UI Security input protection heuristic protects against certain classes of attack, but is more prone to interference from accessibility technologies. When should we recommend or recommend against their use?
Related Actions Items:
No related actions
Related emails:
No related emails

Related notes:

Resolved with following spec text:

If a user agent is able to detect that accessibility technologies are in use
that cannot be applied uniformly as part of the <strong>obstruction
check</strong>, the check MUST be disabled. In some cases,
interference from accessibility tools may be avoided by acquiring
the <strong>user image</strong> in terms of the user agent's local
rendering surface, rather than using an operating-system level
screenshot.

Brad Hill, 5 Mar 2013, 03:04:50



Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts