I also have MoreInternet installed, and that has no effect on whether my page works or not. I have not tried Unsanity's fix, as APE appears to cause performance problems on my system.
IMO, using an application on a disk image as a URL handler at all, and especially as a default URL handler, is asking for trouble. I'd expect to see more similar problems in the future unless that behavior gets changed. I wish Apple would at least display a warning dialog before handing off URLs to new default handlers, again, especially on remote disk images.
Geoff
On May 26, 2004, at 2:23 PM, Jim Witte wrote:
I just went to Unsanity's "Paranoid Android" page where they have a couple examples of the URI exploit and tried to run them in Camino. The disks (via dmg I think and ftp mounted), but then Camino refused to run the URI supposedly registered by the Info.plist file (message came up 'malware:// is not a registered protocol'). I do have More Internet installed, which might be what prevented it. If not, does this mean that Camino is safe from the exploit?
Aside: While I can (sort of) see the utility of allowing disks and ftp servers to be mounted directly from webpages, I *cannot* see any reason why URI's in Info.plist *on* those images should be loaded automatically. There might be a reason why URI's should be loaded automatically for *disks which the user explicitly mounted, or when the user explicitly opened an app on the disk*, but not automatically. That just is courting danger, with little benefit that I can see (of course, there is also potential for a "self-installing disk-image" exploit.. Is that patched somehow?)
Jim Witte [EMAIL PROTECTED] Indiana University CS --- A vote for Nader is a vote for George Bush. Sed quis custodiet ipsos custodes?
_______________________________________________ Camino mailing list [EMAIL PROTECTED] http://mozdev.org/mailman/listinfo/camino
_______________________________________________ Camino mailing list [EMAIL PROTECTED] http://mozdev.org/mailman/listinfo/camino
