- From: Anil Saldhana <Anil.Saldhana@redhat.com>
- Date: Wed, 02 Jan 2008 11:23:40 -0600
- To: Ian Fette <ifette@google.com>
- CC: michael.mccormick@wellsfargo.com, public-wsc-wg@w3.org
On many platforms, the acrobat reader opens the PDF within the browser chrome (same tab on firefox). I think this is an important requirement from an user's perspective that they be notified when a plugin tries to execute things outside the contract established between the user and the browser. I understand that it is going to be extremely hard in getting it right. But until the browser vendors/implementers raise a red flag on this, I support the retention of this bullet. :) I did recently mention the case of the Adobe flash plugin automatically upgrading itself due to the new Flex software intentions. The user has no control over the upgrade. Just because a flash movie requires an upgraded plugin, does not mean the user has no say in consenting to the plugin upgrade. :) Ian Fette wrote: > As per our 12/12 meeting, I am proposing removing the third bullet under > 8.3.2 - "Web user agents MUST inform the user and request consent when web > content attempts to install or execute software outside of the browser > environment". There are many things that make this hard / impossible to get > right, and even harder to actually get the intended effect without being > totally annoying. > > For instance, when you load a PDF, Acrobat Reader is launched outside of the > browser context. Yet I don't really want a dialog box every time I browse to > a PDF, I just want to see the PDF. Same thing when I click on a mailto: link > - it's going to get shell executed, and software (my MUA) is going to run > outside the browser. Or if there's an embedded video that causes the windows > mediaplayer plugin to do some funky COM stuff outside of the browser - > again, I really don't want dialog boxes here. I understand the intent and > think it's probably a good one, but it's really hard to actually get it > right in words, and I think it's something that browsers are doing pretty > well anyways. > > I'm not going to rehash everything in this email, please see the 12/12 notes > for a full review of the conversation ( > http://www.w3.org/2007/12/12-wsc-minutes.html ). In that meeting, I said I > would email back on this issue and propose that the best way to resolve it > is to simply remove the bullet point, unless anyone feels strongly about it. > If you do feel strongly about it, then please come up with some alternate > text. > > Thanks, > Ian > > On Nov 6, 2007 8:36 AM, <michael.mccormick@wellsfargo.com> wrote: > >> The "install" part is very important, but the "execute" part is a rabbit >> hole we probably don't want to go down. >> >> For example, when I point IE at a resource of MIME type ms/xls, Excel >> launches outside the browser as a helper app. It would be annoying if I >> got constant warning messages every time I pull up a XLS, PDF, etc. >> Constant warnings = ignored warnings. >> >> I do want to be warned when a page tries to install a plugin like >> Acroread, but not every time that plugin runs. Same for helpers, >> toolbars, extensions, ActiveX controls, etc. >> >> -----Original Message----- >> From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] >> On Behalf Of Web Security Context Working Group Issue Tracker >> Sent: Tuesday, November 06, 2007 9:50 AM >> To: public-wsc-wg@w3.org >> Subject: ISSUE-131 (Code outside browser): Executing code outside of >> browser in 8.3.2.3 is vague / scary [All] >> >> >> >> ISSUE-131 (Code outside browser): Executing code outside of browser in >> 8.3.2.3 is vague / scary [All] >> >> http://www.w3.org/2006/WSC/track/issues/ >> >> Raised by: Ian Fette >> On product: All >> >> 8.3.2.3 says "Web user agents MUST inform the user and request consent >> when web content attempts to install or execute software outside of the >> browser environment." >> >> This is a bit vague and probably not what we intend. For instance, when >> you navigate to a PDF on a browser using Acrobat Reader w/NPAPI plugin, >> what happens is that there is a plugin running in the browser, and then >> Acrobat Reader launches in the browser, and there's a ton of IPC between >> the plugin and Reader running in the background (which is doing the >> heavy lifting). This is executing software outside of the browser >> environment, yet I don't think this is really what we were intending to >> warn users about. At least, I will scream if I get a popup every time I >> navigate to a PDF. Seriously.
Received on Wednesday, 2 January 2008 17:23:56 UTC