J. Graham wrote:
On Sat, 22 Oct 2005, Lachlan Hunt wrote:
It could be defined in reverse, where the ping attribute (probably
given a more suitable name, but I'll use ping for now) could be
advisory information about the final destination and the href
attribute defines the ping destination, such that following the href
attribute would perform a redirect, but WA1 UAs could use the URI in
the ping attribute to notify the user of the final destination (such
as displaying it in the status bar).
<a href="scamsite.com" ping="ebay.com">
<a href="http://scamsite.com/";>Ebay.com</a>
What's the difference?
Sure it's not much in the face of an alert and savvy web user but
there's a reason channging the status bar via js can be disabled (is it
disabled by default?)
Sure, scams are always a risk. It could be defined that if the location
returned with the redirect does not match that in the ping attribute,
that the user should be immediately notified of the deception. For
legitimate cases, where the href is merely a redirection to the final
destination, the user will get there without any problems.
Also, the current draft of ping states:
| When the ping attribute is present, user agents should clearly
| indicate to the user that following the hyperlink will also cause
| secondary requests to be sent in the background, possibly including
| listing the actual target URIs.
Perhaps the notification (whether in the status bar, tool tip or
whatever) could state somthing like:
ebay.com via scamsite.com
Or maybe:
scamsite.com, redirecting to ebay.com
As long as it clearly indicates the intention in a way that also
prevents its abuse by scammers.
--
Lachlan Hunt
http://lachy.id.au/
