On Wed, Nov 21, 2012 at 11:23:08AM +0100, Christoph Lohmann wrote: > Cross‐side scripting is already a backwards compatibility to Google, > like Windows is the backward compatibility to the proprietary world. But > yes, it would be a nice toggle for surf, to turn off by default any > cross‐side loading and then turn it on when needed.
I don't like this idea as a default. The default should be 'works anywhere webkit works, with standard web compatibility options'. CSRF and similar sucks, but hey, that's the web, this is a web browser. > Any volunteers? I can’t stand that GTK abomination. Thankfully for me, I suspect it may be very difficult to do this, unless there's some webkit option. Delving into the surf source code soon becomes an exercise in torture, as you see how little can be done with webkit/libsoup etc. Its OK as a shim, though.
