elinks: Harmless Button

Janina Sajka janina at rednote.net
Tue Jul 19 17:25:53 EDT 2005


Well, and allowing some web site to execute script on your system
strikes me as a recipe for hacker invasion. In that light it's a goofy
thing for a security focused web service provider, Verisign in this
case, to use given that they have far safer, non-invasive options.

Steve Holmes writes:
> Yes, I'm almost sure it is.  I think what happens is Bookshare hands us
> off to Verisign to process the order and at the end of the transaction,
> this page comes up.  Instructions leading up to this said that we are
> supposed to completely return to Bookshare for the transaction to
> process correctly.  Well, this page in its unedited form confirms my
> completed transaction and I did eventually get a confirmation e-mail
> from Bookshare confirming this.
> 
> I did write support at bookshare telling them my concerns as there was
> another hitch in the process that made me think I might have been double
> charged but this final page had a "confirmation number" which I hadn't
> seen at any other time so I'm probably out of the woods on that one.
> 
> You're right about the overkill of scripting just to provide a "return
> to vendor" type link on a website.  I think the biggest problem with web
> forms and accessibility is the lack of description or titles for
> buttons.  How many times have you been to a site where the "confirm" or
> "buy now"... buttons are never identified?  If you're lucky, you can
> sometimes glean a more accurate meaning of the button's function by
> parsing information from the button's URL.
> 
> On Tue, Jul 19, 2005 at 03:11:54PM -0400, Janina Sajka wrote:
> > Fascinating. Thanks for posting.
> > 
> > If I follow this correctly, the button is the code that reads:
> > 
> > <script
> > src="https://seal.verisign.com/getseal?host_name=payments.verisign.com&size=M&use_flash=NO&use_transparent=NO"></script>
> > 
> > If I had to guess, I'd say this was a graphic intended to give you
> > confidence in the Book Share SSL Certificate. But, why that requires a
> > script, or to be wrapped in a div is beyond me. Might be worth a note to
> > Book Share only because they may have better access to Verisign for
> > accessibility issues. I definitely think there are several accessibility
> > issues with both the form and this "button."
> > 
> > I don't think Book Share is authorized to just recode this, if it really
> > is what I think it is. On the other hand, we need the financial services
> > industry to get a better grip on accessibility, and our national
> > organizations haven't made much headway in this regard yet. I suspect
> > Book Share might get at least a ripple of consciousness from Verisign
> > out of this. At the absolute least they should know that one of their
> > power users found the usage inaccessible--meaning that the bulk of their
> > users would be even more befuddled.
> 
> - -- 
> HolmesGrown Solutions
> The best solutions for the best price!
> http://ld.net/?holmesgrown

-- 

Janina Sajka				Phone: +1.202.494.7040
Partner, Capital Accessibility LLC	http://www.CapitalAccessibility.Com
Bringing the Owasys 22C screenless cell phone to the U.S. and Canada. Go to http://www.ScreenlessPhone.Com to learn more.

Chair, Accessibility Workgroup		Free Standards Group (FSG)
janina at freestandards.org		http://a11y.org



