- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 17 Jan 2008 18:54:15 +0100
- To: public-wsc-wg@w3.org
I've moved most of the Wiki text about picture-in-picture attacks [1] into the current editor's draft:

  Many graphical user agents are vulnerable to picture-in-picture attacks: Graphic and script elements within an HTML page are used to simulate the look and feel of browser chrome. The attacker's goal is to recreate a convincing mockup of the browser chrome entirely within the content page, in order to provide (false) indicators of security to the user.

  In these user agents, the editor bar MUST be displayed using a theme customized to the user. The user selects this theme at browser installation time and it remains forever the same. The icon for the Contacts button MUST also be selected by the user at installation time.

  -- http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-picture-in-picture

1. http://www.w3.org/2006/WSC/wiki/NoteTestCases

I believe that ISSUE-126 can be closed.

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Thursday, 17 January 2008 17:54:29 UTC