On Tue, Jan 5, 2010 at 2:50 PM, Evan Martin <e...@chromium.org> wrote:

> On Tue, Jan 5, 2010 at 2:44 PM, Glen Murphy <g...@chromium.org> wrote:
> > I don't think anyone has any objection to DOMUIifying those pages, and
> > I don't think it would be a large amount of work. The only reason
> > they're not is that there hasn't been a reason to do so.
>
> DOM UI (at least when I last looked) just means that that renderer
> ("the page") gets extra privileges necessary for doing special browser
> calls, such as access to your browsing history for the History
> implementation.
>
> We went to some effort to keep these sorts of pages distinct from
> network content with the hope of reducing the security surface.  I
> worry changing this for FTP would be going in the wrong direction.
>

Yes, exactly.  Remember that ftp:// directories can be loaded in iframes by
web content.  We don't want to grant any extra privileges to renderer
processes that display ftp:// content b/c those privileges could leak to
other content loaded by the same renderer if a cross-site-scripting exploit
happens to exist.

I think there's a good opportunity to spiff up the directory listing
template to be nicer, but I think we have to avoid changing these directory
listings over to DOMUI.

-Darin



>
> It might make more sense to do something *like* DOM UI but with a
> different API just to keep things distinct.  But then we reencounter
> the same sorts of problems we have with DOM UI, like for example if
> you click a link from an FTP site to an HTML file, how to prevent the
> FTP privileges from bleeding into the HTML file.
>
> I feel like Darin is the person who would best know how to address this.
>  :)
>
> --
> Chromium Developers mailing list: chromium-dev@googlegroups.com
> View archives, change email options, or unsubscribe:
>    http://groups.google.com/group/chromium-dev
>