Hi Art and Marcos,
I didn't see this point discussed in the last widgets meeting minutes. Do you know if anybody has started work on any security guidelines for widgets? I noticed that in the "Web Security Context: User Interface Guidelines", for example this requirement[1] there may be some conflict with widgets / potential to put requirements there for the item below and others? Thanks, David. [1] http://www.w3.org/TR/wsc-ui/#keepchromevisible-goodpractice From: public-webapps-requ...@w3.org [mailto:public-webapps-requ...@w3.org] On Behalf Of David Rogers Sent: 22 October 2009 11:52 To: public-webapps@w3.org Cc: Barstow Art (Nokia-CIC/Boston) Subject: [widgets] viewmodes spec Hi there, At the last widgets call I agreed to ask OMTP BONDI members if there was any feedback on viewmodes. We didn't receive a lot of views but one thing I raised was that as far as I can tell, there is no text to cover off invisible widgets or widgets of, for example height and width 1x1. There may be a valid reason for someone to have an invisible widget but there are still some abuse scenarios - for example, if someone created a transparent widget that then maximises in front of your payment application just as you go to enter your PIN or password it could be a major issue. I'm not sure that anyone has started work on any widget security guidelines? Thanks, David. David Rogers OMTP Director of External Relations
