- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 07 May 2008 21:04:48 -0500
- To: Scott Shattuck <idearat@mindspring.com>
- CC: "Web API WG (public)" <public-webapi@w3.org>

Scott Shattuck wrote:
> I'm not trying to be difficult, far from it. I'm just trying to truly
> understand where you see things headed in this regard.

It's still in flux, but there's a general goal to not have ways for sites to have expanded privileges. If you have use cases that require those, I'd love to see the details (in private mail) so that we can make sure that we continue addressing those use cases....

> Recent mozilla builds have actually
> started to fail to work with this approach because in my case the
> top-level index.html file loads a frameset document containing a
> javascript file which does the real work of booting the application and
> that lower-in-the-directory-structure js file's location appears to be
> used as the root of the "accessible file tree" rather than the original
> index.html file used to launch the application.

Odd. Please file a bug? And please make sure that you're using the latest pre-rc1 builds; this area of code has seen a lot of change in the near past, as I said.

> What I'm hearing in this thread is that you're suggesting this will get
> worse -- perhaps to the point that it will stop working altogether.

Possibly, yes. Again, it's hard to say without knowing what use cases you need addressed...

> That file: urls launched in this fashion might not work due to an inability
> to somehow decide what's safe and what's not.

Well. A file:// URI writing the user's other files is not safe. Period. The only question is whether it makes sense to allow users to permit such an unsafe action.

> That I'll have had to have initially run the app from a local or remote web server

Or put the parts that require expanded privileges into an extension, say. But yes, that would indeed require an install of the extension.

> (Scenarios, I might point out, which require precisely what my user community does not want

Again, I'd love a complete description of your requirements with regard to this stuff.

> People are used to double-clicking on index.html, Mozilla is already
> breaking that model.

We shouldn't be, with current 1.9 builds. Please, please double-check on this.

> direction doesn't appear to be in the best interest of the end user
> who's got double-click hard-wired into their mouse hand.

The goal is to not make that double-click exploit them. Or put another way, if they save a web page and then double-click to open it, that should be safe. It should NOT allow that page to do anything it couldn't do before, if at all possible.

-Boris

Received on Thursday, 8 May 2008 02:11:47 UTC