- From: Paul Ellis <paul@ellisfoundation.com>
- Date: Thu, 22 Jul 2010 16:17:34 -0700
On Thu, Jul 22, 2010 at 2:48 PM, Mike Shaver <mike.shaver at gmail.com> wrote: > On Thu, Jul 22, 2010 at 5:32 PM, Luke Hutchison <luke.hutch at mit.edu> > wrote: > > On Thu, Jul 22, 2010 at 5:03 PM, Mike Shaver <mike.shaver at gmail.com> > wrote: > >> Would a UA that asked for the > >> user's permission the first time a bookmarklet is used (like some > >> prompt the first time a given helper app or URL scheme is used) be > >> compliant? > > > > You mean like Windows User Account Control? ;) > > No, I mean like the prompts for geolocation, popup windows, first-use > helper applications, first-use URL protocols, and similar. But my > question is more about what you propose to disallow, and why you > choose "disable" as the requirement. > This seems to be the wrong venue for this discussion but it is worth noting that IE8 doesn't allow drag-and-drop of javascript: links to the favorites bar. If you do right-click->Add to Favorites for a javascript: link it prompts "You are adding a favorite that might not be safe. Do you want to continue?" So clearly they think there is some security risk there. It doesn't impede a user from copying the link though and pasting it in the URL bar though. Even though I regularly type JavaScript in the URL bar I think it would be a smart change to make that disabled by default. There are already other things I go into about:config for. :) Paul Ellis -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100722/4026bbdd/attachment.htm>
Received on Thursday, 22 July 2010 16:17:34 UTC