W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2011

[whatwg] Device Element

From: Diego Perini <diego.perini@gmail.com>
Date: Sun, 2 Jan 2011 21:51:15 +0100
Message-ID: <AANLkTimTBavrWH5wgN+JmnTjeOVixSck905_HAnXpXi0@mail.gmail.com>
On Wed, Dec 29, 2010 at 9:53 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 12/29/10 6:48 AM, Diego Perini wrote:
>>
>> Hmmm...
>>
>> I can currently read incoming RS232 and USB data in my OS X using
>> Firefox 3.6.13 and the "file:" protocol:
>>
>> ? ?file:///dev/tty.BT-GPS010B62-SerialPort
>>
>> do I have an insecure system ? An insecure browser ?
>
> And _this_ sort of thing is why Firefox and other browsers don't ever allow
> an http:// page to link to a file:// URL, read data from a file:// URL, or
> otherwise interact with a file:// URL.
>

Boris,
don't get confused by the questions in my message above, I really don'
feel insecure for that existing option in Firefox. It was a tentative
answer to so many security concerns and I wanted to tell that what
they were after is almost already available in Firefox/UNIX.

I feel it is a great and unique feature of Firefox, no other browser
(that I am aware of) implement that level of OS integration (that
maybe only for UNIX systems though).

Of course this require file security privileges
(security.fileuri.strict_origin_policy = true) but having to open
about:config or having to consent through a button is not a problem
for what I need it and probably what in general is needed. I believe
the process Seth described in his message would be more than enough
for the security problems this poses (relying on user consent is what
plug-ins also do).

--
Diego


> -Boris
>
Received on Sunday, 2 January 2011 12:51:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:29 UTC