- From: <michael.mccormick@wellsfargo.com>
- Date: Tue, 6 Nov 2007 10:36:50 -0600
- To: <public-wsc-wg@w3.org>
The "install" part is very important, but the "execute" part is a rabbit hole we probably don't want to go down. For example, when I point IE at a resource of MIME type ms/xls, Excel launches outside the browser as a helper app. It would be annoying if I got constant warning messages every time I pull up a XLS, PDF, etc. Constant warnings = ignored warnings. I do want to be warned when a page tries to install a plugin like Acroread, but not every time that plugin runs. Same for helpers, toolbars, extensions, ActiveX controls, etc. -----Original Message----- From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Web Security Context Working Group Issue Tracker Sent: Tuesday, November 06, 2007 9:50 AM To: public-wsc-wg@w3.org Subject: ISSUE-131 (Code outside browser): Executing code outside of browser in 8.3.2.3 is vague / scary [All] ISSUE-131 (Code outside browser): Executing code outside of browser in 8.3.2.3 is vague / scary [All] http://www.w3.org/2006/WSC/track/issues/ Raised by: Ian Fette On product: All 8.3.2.3 says "Web user agents MUST inform the user and request consent when web content attempts to install or execute software outside of the browser environment." This is a bit vague and probably not what we intend. For instance, when you navigate to a PDF on a browser using Acrobat Reader w/NPAPI plugin, what happens is that there is a plugin running in the browser, and then Acrobat Reader launches in the browser, and there's a ton of IPC between the plugin and Reader running in the background (which is doing the heavy lifting). This is executing software outside of the browser environment, yet I don't think this is really what we were intending to warn users about. At least, I will scream if I get a popup every time I navigate to a PDF. Seriously.
Received on Tuesday, 6 November 2007 16:37:19 UTC