- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 1 Feb 2012 00:36:02 +0000 (UTC)
On Sat, 17 Dec 2011, Brett Zamir wrote: > > What is the reason you won't let us make our own browsers-in-a-browser? What is the use case for browser-in-a-browser? If you have a browser... then you have a browser. Why would you want to run another one inside your browser? > I'm not talking about some module you have to build yourself in order to > distribute a browser as an executable. I'm talking about visiting a > (secure/signed?) page on the web and being asked permission to give it > any or all powers including the ability to visit and display other > non-cross-domain-enabled sites, with the long-term possibility of > browsers becoming a mostly bare shell for installing full-featured > browsers (utilizing the possibility for APIs for these "browsers" to > themselves accept, integrate, and offline-cache add-on code from other > websites, emulating their own add-on system). How do you help users who have no idea what that means and grant a hostile Web site claiming to be a browser access to everything? > I am not interested in the argument that "It is just too dangerous". > Browsers already allow people to download executables with a couple > clicks, not to mention install privileged browser add-ons. Enough said. Well, in all fairness, browsers and operating systems are going out of their way to make this harder and harder. Some (e.g. iOS, ChromeOS) make it essentially impossible now, others (e.g. Android) require you to explicitly opt-in to an obscure developer mode feature before allowing it, others (e.g. MacOS, Windows) keep track of where files were obtained from and give dire warnings before running apps from the Web. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 31 January 2012 16:36:02 UTC