Boris Zbarsky wrote:
Laurent Jouanneau wrote:
I don't know exactly what is this security issue, but this fix causes
an other *big* issue : it will break *many* web application !
Yes, we know. This was deemed the lesser of two evils....
So, are you working on a *real* solution on this ? a *real* solution
means, a solution which permit us to use a custom tree view in a
remote app.
There is some discussion in bug 326501 about a way to do this; see
comment 11 for the summary. I'm not sure whether anyone is working on
this, offhand... :( It's worth filing a bug to track work on it and
request blocking of Gecko 1.8.1 and 1.9a2 or something.
Ok
(sorry, i cannot read the comment, i'm not allowed to access to the bug
;-) )
Note that if your app has the UniversalBrowserWrite capability, we will
allow you to set a custom view right now. That might be ok as a
workaround in some cases....
Yes,i know. But you cannot ask to the user to change the pref
signed.applets.codebase_principal_support in his config ("type
about:config, search "signed.." bla bla), and then ask him his agreement
for the "UniversalBrowserWrite" capability etc.. It's too complex and
too restricting for a "normal" user...
Thanks
Laurent.
_______________________________________________
dev-tech-layout mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-layout
