I do know of a few popular sites that use bookmarklets, such as Delicious
(http://delicious.com/help/bookmarklets). It can be useful for simple,
cross-browser tasks.
Using 2.22.3, the mouseover text (if it's in your toolbar) does warn you:
Executes the script "Bookmarklet Name"
But dragging it to the toolbar produces no warning whatsoever.
In my quick testing, no browser throws a warning when using drag-and-drop. I
agree that there should be some sort of notification that the bookmark being
added contains JavaScript and could be malicious.
Peter Chapman
--------------------------------------------------
From: "Mike Hommey" <[email protected]>
Sent: Monday, November 16, 2009 1:00 PM
To: "Michael Gilbert" <[email protected]>;
<[email protected]>
Subject: Re: Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets
cross-site info disclosure
On Mon, Nov 16, 2009 at 11:48:29AM -0500, Michael Gilbert wrote:
> so, you're saying that this is a good feature and hence must be kept
> based on the fact that it is currently available in a lot of browsers
> (i.e. all gecko-based browsers and no webkit/khtml browsers)?
It works in (at least) Safari, IE, Firefox and Opera. I'm pretty sure it
at least worked before in Konqueror.
Mike