- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 23 Apr 2010 14:35:18 -0400
On Thu, Apr 22, 2010 at 5:05 PM, Charles Pritchard<chuck at jumis.com> wrote: > Boris, you haven't provided me with any reasoning/room to address the issue. Sorry. The point is that providing for dynamic privilege escalation (in the sense that the permissions of a chunk of code change on the fly) is not something we plan to support going forward. In particular it imposes significant performance costs on our JavaScript implemenation which we would obviously like to eliminate. I see no problems with exposing a resetOriginClean method to "trusted" code; my problem is with a setup where code transitions from trusted to untrusted, and with random gradations in trust levels that enforce security checks all over the place. That's what we would not want to implement. > It'd only prompt the user for permissions in the same cases that > enablePrivilege does. Which is about to become "never" in Gecko as soon as we can make it happen.... > I'm just trying to standardize the really awkward experience a > trusted application has to go through to grab permitted image data. If an application is trusted (in the "system principal" sense in Mozilla, not in the broken enablePrivilege sense), how did it end up with a dirty canvas to start with? I do think the CORS suggestion elsewhere in this thread is a good one, by the way. -Boris
Received on Friday, 23 April 2010 11:35:18 UTC