2008/11/12 Felix <[EMAIL PROTECTED]>

>
> cl 2637 for issue 509 removed input type=password from the whitelist.
>
> I'm writing this out mainly for reference.
>
> arguments for input type=password
>
>   * a gadget might want a password entry.
>     without input type=password, the gadget
>     would have to use type=text, and maybe
>     simulate the password entry behavior.
>
>   * most of the security concerns with type=password
>     are also problems with type=text, so if type=text
>     is an acceptable risk, type=password is probably also ok.
>
> arguments against input type=password
>
>   * vulnerable to autocompletion exploits.  see issue 527.


I don't understand the details of how autocomplete can be exploited.  Do you
know of any documentation on this?


>
>     autocompletion also affects type=text, but it's arguable
>     that type=text is less likely to be sensitive data, and
>     type=password should have stronger protection.
>
>     that argument doesn't seem very compelling, since
>     caja could enforce autocomplete=off.
>

What is the property we would want to enforce?
  (1) When type is set to "password" via the tamed API (html-emitter and
      DOMita), autocomplete is off.  And when the type is set to something
      else, autocomplete is restored to its value prior to the type change
      unless it has been changed via the tamed API since the type change.
  (2) Autocomplete is off for all inputs whose type is changed via the tamed
      API.  And autocomplete cannot be otherwise manipulated by the tamed API.

How would (1) interact with (IE?)'s inability to change the type?
Specifically the following set of events:
  foo = createElement('input'),
  foo.type = 'password',
  document.documentElement.appendChild(foo),
  foo.type = 'checkbox'



>
>   * perhaps gadgets should be discouraged from having any
>     password inputs, because it desensitizes users to phishing.
>
>     that argument doesn't seem very compelling, because a
>     gadget author who blindly uses type=password could just
>     blindly replace it with type=text.
>
> anything else?
>
> >
>
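As an added example, not code from Caja or from either poster: a toy model of property (1) above, run through the four-event sequence the reply asks about. `TamedInput` stands in for the tamed API (the only path by which gadget code reaches an input's `type` and `autocomplete`), and `makeFakeInput` is a constructed stand-in for a DOM node so the block runs offline under Node. The `ieStyle` flag, which makes a type change throw once the node is attached, is an assumed model of the browser behaviour in question, not a description of any particular IE version.

```javascript
// Added example: enforcing "autocomplete is off while type=password, and
// restored afterwards unless the gadget changed it via the tamed API".
'use strict';

// Constructed fake DOM input. With `ieStyle`, changing `type` after the
// node is attached throws (assumed model of the browser behaviour asked
// about in the reply; it is the failure mode being exercised, not a spec).
function makeFakeInput(opts) {
  const ieStyle = !!(opts && opts.ieStyle);
  return {
    type: 'text',
    autocomplete: '',        // '' models "browser default"
    attached: false,         // set when appended to the document
    setType(newType) {
      if (ieStyle && this.attached) {
        throw new Error('type is read-only once the element is attached');
      }
      this.type = newType;
    },
  };
}

// Hypothetical tamed wrapper: the only way gadget code touches type and
// autocomplete. Bookkeeping holds the pre-password autocomplete value and
// whether the gadget has asked for a new value since the type change.
class TamedInput {
  constructor(node) {
    this.node = node;
    this.saved = null;       // autocomplete in force before the field became a password
    this.requested = null;   // value the gadget asked for while it was a password
    this.touched = false;    // gadget set autocomplete via this API since the type change
  }

  // Apply the type change to the node first, then re-read the effective
  // type: a browser that refuses the change (throws, or silently ignores
  // it) must not leave the bookkeeping believing the field is no longer a
  // password. If setType throws, nothing below runs and the node keeps
  // type=password with autocomplete=off.
  setType(newType) {
    const wasPassword = this.node.type === 'password';
    this.node.setType(newType);
    const isPassword = this.node.type === 'password';
    if (isPassword && !wasPassword) {
      this.saved = this.node.autocomplete;
      this.requested = null;
      this.touched = false;
    }
    if (isPassword) {
      this.node.autocomplete = 'off';                 // property (1), first clause
    } else if (wasPassword) {
      // property (1), second clause: restore unless the gadget changed it meanwhile
      this.node.autocomplete = this.touched ? this.requested : this.saved;
      this.saved = null;
      this.requested = null;
      this.touched = false;
    }
    return this.node.type;
  }

  // Gadget-visible autocomplete setter: a password field never gets
  // autocompletion, but the request is remembered so it takes effect once
  // the type changes away from password.
  setAutocomplete(value) {
    this.requested = value;
    this.touched = true;
    this.node.autocomplete = this.node.type === 'password' ? 'off' : value;
    return this.node.autocomplete;
  }
}

// The event sequence from the reply: createElement, type='password',
// appendChild, type='checkbox'. Returns the observable node state.
function runScenario(opts) {
  const node = makeFakeInput({ ieStyle: opts.ieStyle });
  const foo = new TamedInput(node);
  foo.setType('password');
  const whilePassword = node.autocomplete;                  // 'off'
  if (opts.gadgetSetsAutocomplete) foo.setAutocomplete('on');
  const afterGadgetSet = node.autocomplete;                 // still 'off'
  node.attached = true;                                     // appendChild(foo)
  let error = null;
  try {
    foo.setType('checkbox');
  } catch (e) {
    error = e.message;
  }
  return { whilePassword, afterGadgetSet, type: node.type, autocomplete: node.autocomplete, error };
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const ieStyle of [false, true]) {
    for (const gadgetSetsAutocomplete of [false, true]) {
      console.log({ ieStyle, gadgetSetsAutocomplete }, runScenario({ ieStyle, gadgetSetsAutocomplete }));
    }
  }
}
```

The ordering in `setType` is the answer to the IE question under this model: the tamed setter changes autocomplete only after the underlying type change has been applied and read back, so a refused change leaves the field a password input with autocomplete still off, and the gadget sees the same exception it would see from the raw DOM.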

You received this message because you are subscribed to
http://groups.google.com/group/google-caja-discuss