* Gervase Markham: >> *grr* >> Before this makes sense, you need to truncate the host part of long >> URLs from the left, and not from the right. And you must make the URL >> bar mandatory by default (dom.disable_window_open_feature.location is >> still false in the shipped configuration). > > Why is it when you suggest a security improvement, people respond by > telling you about different ones you should make? *grr* ;-)
Because you've been ignoring the second sugesstion *for* *years*, and phishing sites begin to pop up (pun intended) which exploit this to display the expected indicators to the user. > Yes, this is not a magic bullet on its own, and yes, it doesn't work > if the user can't see the information. Happy? :-) I would feel better if you actually fixed the location bar bug. IE7 introduced this behavior to the audience and should have absorbed the call center costs (or will so in a few more month, if you are that scared of this change). _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
