- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Tue, 18 Feb 2014 10:14:47 -0800
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Sigbj�rn Vik wrote: > XSS is a serious issue on the web, but it is well known how to fix it. > Phishing is an even worse issue on the web, with no simple ways for > fixing. Fixing a serious issue at the cost of an even worse one seems > like a suboptimal tradeoff, especially when an almost identical solution > exists without the tradeoff. I think I'm lost... how does this relate to phishing? I can't agree that that phishing is worse than XSS, but maybe we mean different things by phishing because I don't see the connection. What is the "almost identical solution... without the tradeoff"? Simply dropping paths as Mike suggested? Sorry for being dense but this is a long thread and I'm not entirely sure which of the suggested solutions you mean. -Dan Veditz
Received on Tuesday, 18 February 2014 18:15:09 UTC