W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2010

[whatwg] Device Element

From: Seth Brown <learc83@gmail.com>
Date: Wed, 29 Dec 2010 12:18:23 -0500
Message-ID: <AANLkTikF8VPCuMyegKUSBd5YF-RgWc8ZzQbu18Pn35P4@mail.gmail.com>
"unless you've changed security related settings." How is that any
different from the proposal?

Accessing the device tag should require user consent--the same as
changing "security related settings."

On Wed, Dec 29, 2010 at 12:04 PM, Jonas Sicking <jonas at sicking.cc> wrote:
> On Wed, Dec 29, 2010 at 6:48 AM, Diego Perini <diego.perini at gmail.com> wrote:
>> Hmmm...
>>
>> I can currently read incoming RS232 and USB data in my OS X using
>> Firefox 3.6.13 and the "file:" protocol:
>>
>> ? file:///dev/tty.BT-GPS010B62-SerialPort
>>
>> do I have an insecure system ? An insecure browser ?
>
> Can you do that from a webpage served from a http server? Can you do
> that from a HTML file saved to your desktop? Can you do that from a
> HTML file saved anywhere else on your filesystem?
>
> For firefox, the answer should be "no" in all three cases, unless
> you've changed security related settings. Thus the answer to your
> questions should be "no". Definitely file a bug on Firefox
> (bugzilla.mozilla.org) if that isn't the case.
>
> / Jonas
>
Received on Wednesday, 29 December 2010 09:18:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:02 UTC