On Mon, 16 Nov 2009 17:34:39 +0100, Mike Hommey wrote:
> On Mon, Nov 16, 2009 at 11:25:04AM -0500, Michael Gilbert wrote:
> > On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote:
> > > On Monday 16 November 2009 at 09:37 +0100, Mike Hommey wrote:
> > > > On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
> > > > > What’s a bookmarklet? I don’t even know whether epiphany supports
> > > > > this.
> > > >
> > > > It's javascript code you bookmark and can run on any site. A bit like
> > > > greasemonkey, but cross-browser. It's designed to run in the current
> > > > page context, so the security issue here is by design.
> > >
> > > Confirmation before saving the bookmarklet to the list of bookmarks? If
> > > so, I’d say epiphany is not affected, since it always asks for
> > > confirmation whenever you bookmark something.
> >
> > right, but the current dialog doesn't throw up a scary warning saying
> > that the bookmark contains potentially dangerous javascript, so some
> > work would need to be done to implement that.
> >
> > or, the "safer" solution would be to disallow javascript in bookmarks.
> > who in their right mind needs that (anti)feature anyway???
>
> It's a very useful feature. There has been some kind of DOM inspector in
> such bookmarks way before firebug existed,

addons seem like a better place for code/script execution anyway (since
there are already warnings about installing/running that stuff). from my
perspective (and from a solid security standpoint) bookmarks should be
static. i.e. users should get what they expect every single time they
click the bookmark.

> and it has the advantage of being cross browsers.

so, you're saying that this is a good feature and hence must be kept
based on the fact that it is currently available in a lot of browsers
(i.e. all gecko-based browsers and no webkit/khtml browsers)?

mike
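The two options raised in this thread (warn before saving a bookmark that contains javascript, or refuse such bookmarks outright) both depend on reliably telling a script bookmark from a static one. The sketch below is an added example, not part of the thread and not code from epiphany or any browser; the names `classifyBookmark` and `decideSave` and the policy values are hypothetical. It parses the URL first, because a plain prefix comparison misses mixed-case schemes and stray whitespace.

```javascript
'use strict';

// Classify a bookmark target. The WHATWG URL parser (global URL in Node and
// browsers) lower-cases the scheme, trims surrounding whitespace and drops
// embedded tabs/newlines, so the check sees the scheme the browser acts on.
function classifyBookmark(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch (err) {
    return { kind: 'invalid', scheme: null };
  }
  const kind = parsed.protocol === 'javascript:' ? 'script' : 'static';
  return { kind, scheme: parsed.protocol };
}

// policy 'warn'  : first option in the thread (confirm with an explicit warning)
// policy 'block' : second option (no javascript in bookmarks at all)
function decideSave(rawUrl, policy) {
  const { kind, scheme } = classifyBookmark(rawUrl);
  if (kind === 'invalid') {
    return { action: 'reject', reason: 'not a parseable URL' };
  }
  if (kind === 'static') {
    return { action: 'save', reason: `static ${scheme} bookmark` };
  }
  return policy === 'block'
    ? { action: 'reject', reason: 'javascript: bookmarks are disabled' }
    : { action: 'warn', reason: 'bookmark runs script in the page open when clicked' };
}

// Constructed sample bookmarks (not taken from the thread).
const samples = [
  'https://www.debian.org/',
  'javascript:void(document.title)',
  '  JavaScript:void(0)',
  'java\tscript:void(0)',
  'not a url',
];
for (const s of samples) {
  console.log(JSON.stringify(s), decideSave(s, 'warn').action, decideSave(s, 'block').action);
}
```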