| CARVIEW |
Select Language
HTTP/2 301
date: Wed, 08 Oct 2025 07:13:47 GMT
content-type: text/html; charset=ISO-8859-1
location: https://lists.w3.org/Archives/Public/public-wsc-wg/2008Jan/0192.html
cf-ray: 98b3d667ea31999b-BLR
cache-control: max-age=21600
expires: Wed, 08 Oct 2025 13:13:47 GMT
x-backend: www-mirrors
x-request-id: 98b3d667ea31999b
strict-transport-security: max-age=15552000; includeSubdomains; preload
content-security-policy: frame-ancestors 'self' https://cms.w3.org/ https://cms-dev.w3.org/; upgrade-insecure-requests
cf-cache-status: EXPIRED
set-cookie: __cf_bm=2WvndjXGoJfGt3gsay4NKL8WNJ5fPidIhKlhKZn1J0Y-1759907627-1.0.1.1-cQQYg6.k5cVijEkcvYsgI8uCj91SWqF3HoO3sIdo7iJuiRnEiNRZQOoWvtT_u_l5_d4YVW57DnRaM5CdpIM5_Ee60bkT.uLaQ4v4QWuVzkg; path=/; expires=Wed, 08-Oct-25 07:43:47 GMT; domain=.w3.org; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
HTTP/2 200
date: Wed, 08 Oct 2025 07:13:48 GMT
content-type: text/html
content-encoding: gzip
last-modified: Thu, 13 Jul 2023 18:20:01 GMT
cache-control: max-age=2592000, public
expires: Fri, 07 Nov 2025 07:13:47 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-request-id: 98b3d66e4b2d4e3d
strict-transport-security: max-age=15552015; preload
x-frame-options: deny
x-xss-protection: 1; mode=block
cf-cache-status: MISS
server: cloudflare
cf-ray: 98b3d66e4b2d4e3d-BLR
alt-svc: h3=":443"; ma=86400
Re: ACTION-356: picture-in-picture attacks from Ian Fette on 2008-01-17 (public-wsc-wg@w3.org from January 2008)
Re: ACTION-356: picture-in-picture attacks
- From: Ian Fette <ifette@google.com>
- Date: Thu, 17 Jan 2008 10:36:59 -0800
- To: public-wsc-wg@w3.org
- Message-ID: <bbeaa26f0801171036q66f6a541xd65c5d1837a75eb3@mail.gmail.com>
I am not sure I fully understand the new text. "The editor bar MUST be displayed..." - is this saying it must be omnipresent, or that when it is displayed after being invoked by the user, it should have the customized theme etc? On Jan 17, 2008 9:54 AM, Thomas Roessler <tlr@w3.org> wrote: > > I've moved most of the Wiki text about picture-in-picture attacks > [1] into the current editor's draft: > > Many graphical user agents are vulnerable to picture-in-picture > attacks: Graphic and script elements within an HTML page are used > to simulate the look and feel of browser chrome. The attacker's > goal is to recreate a convincing mockup of the browser chrome > entirely within the content page, in order to provide (false) > indicators of security to the user. > > In these user agents, the editor bar MUST be displayed using a > theme customized to the user. The user selects this theme at > browser installation time and it remains forever the same. The > icon for the Contacts button MUST also be selected by the user at > installation time. > > -- > https://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-picture-in-picture > > 1. https://www.w3.org/2006/WSC/wiki/NoteTestCases > > I believe that ISSUE-126 can be closed. > > Regards, > -- > Thomas Roessler, W3C <tlr@w3.org> > >
Received on Thursday, 17 January 2008 18:37:10 UTC