W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2011

[whatwg] Device Element

From: Diego Perini <diego.perini@gmail.com>
Date: Mon, 3 Jan 2011 22:45:36 +0100
Message-ID: <AANLkTi=absZd5PhMT1J_koh-Va_VRKX_jzsOH_Hmyrqr@mail.gmail.com>
On Mon, Jan 3, 2011 at 7:47 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 1/3/11 7:47 AM, Diego Perini wrote:
>>
>> I am switching that bit on/off when I need it (and the RS232/USB
>> device is connected), I am not asking others to do it.
>
> So while it's off, the user is vulnerable. ?Is the software doing this a
> Firefox extension?
>

No no... haven't tried that route but I understand it is another possibility.

I don't remember having said I use this bit for some real application,
just testing.

>> Mostly I am looking for other browser to implement this serial access
>> like Firefox does
>
> Firefox doesn't implement "serial access". ?It just reads files. ?What's
> exposed as "files" on a Unix system can be ... extensive (witness /proc on
> Linux, say). ?It's up to the kernel.
>

You are correct, Firefox doesn't implement serial access by itself, it
just let me use the OS directly (if security configuration
restrictions are removed).

So let's say I like the functionality this happens to give me with
RS232/USB devices. Even with those restrictions in place.

This is why I agree with the request for a device interface
specification (in HTML5) that will make this inter-operable.

>> This also means limit what other plug-ins can currently do on user
>> machines
>
> Plug-ins are running native code. ?They can't be limited unless you sandbox
> the process they're in completely (which typically breaks plug-ins; talk to
> Google about the pains they had to go to to sandbox Flash, even _with_
> Adobe's cooperation).
>
>> For example can Flash overcome this restriction and access the
>> devices through the "file:" protocol ?
>
> Of course, if the kernel exposes them as files.
>

So next question is why allow Adobe Flash and plug-ins in general to
do that wildly and not allow others to have the same capability and be
so paranoid about security when that is already broken by other means
at higher levels ?


--
Diego


> -Boris
>
Received on Monday, 3 January 2011 13:45:36 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:29 UTC