On Sun, 26 Nov 2017, Karl Dahlke wrote:
I'm still in a bit of a quandary regarding an onclick function that doesn't
complete because of an edbrowse error or shortcoming.
I guess it would be good to give it some kind of toggle.
If I am on a site where I can accidentally buy an elephant with my credit
card, then I am worried about anything being permitted if the site is in a
broken state, even where "broken state" is defined very conservatively,
meaning one or more runtime errors whatsoever.
But the problem is that those types of web actions are mixed together with
sites where the goal is to read plain text, or write plain text, or
something with no danger, something low key, and in that case we can lean
towards the permissive.
If you remember George something, the candy store that we didn't get
working in time for Christmas gifts a couple years ago, I seem to remember
there was something at the top that said this:
you are logged in
you are not logged in
Where, possibly, what's going on is that these these strings are both
sitting in html, and the page JS is supposed to erase whichever one is NOT
the case. But say the page JS broke earlier along and never erased
one. This is bad. It's a minefield. Maybe we should be even more
conservative than we are already, meaning that it might be good to fail
all links or just refuse to load.
But if the user KNOWS that it is experimental and wants to do it
anyway, they can set a certain flag.
We should just warn them, like requiring an opt-in.
Because otherwise the gravity of the situation may not be clear. It
seems humorous. "Logged in, not logged in. How can I be both logged in
and not logged in at the same time. It must be some kind of glitch. The
site seems to work though..." And if they then go on to do something
successfully, I now have a quandary also because they have gotten some use
out of it even though it is a problem to plop someone down in a
semi-broken page where they are going to form impressions based on
surface appearances.
_______________________________________________
Edbrowse-dev mailing list
[email protected]
http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev
