Hi Jonas,
Thanks for your feedback. See comments inline.
Regards,
Eduardo.
On 6 oct 2012 at 00:06:53, Jonas Sicking wrote:
Hi All,
As usual, this is not the official mozilla position, as there is no such
thing.
Several of us at at mozilla has been looking at push quite a bit
lately. We
Cheer up everyone, we've got somebody dedicated to writing fullscreen
exploits now :) http://feross.org/html5-fullscreen-api-attack/
Summary: Change blindness may make phishing attacks feasible (displaying a
mock browser/page in fullscreen)
Cause: Switch to fullscreen before user consent.
Fix:
On Tue, 09 Oct 2012 08:43:13 +0200, Florian Bösch pya...@gmail.com wrote:
Cheer up everyone, we've got somebody dedicated to writing fullscreen
exploits now :) http://feross.org/html5-fullscreen-api-attack/
Summary: Change blindness may make phishing attacks feasible (displaying
a mock
On Tue, Oct 9, 2012 at 11:41 AM, Charles McCathie Nevile
cha...@yandex-team.ru wrote:
On Tue, 09 Oct 2012 08:43:13 +0200, Florian Bösch pya...@gmail.com
wrote:
Cheer up everyone, we've got somebody dedicated to writing fullscreen
exploits now :)
On Tue, Oct 9, 2012 at 1:45 PM, Anne van Kesteren ann...@annevk.nl wrote:
On Tue, Oct 9, 2012 at 12:51 PM, Florian Bösch pya...@gmail.com wrote:
TL;DR I don't think you lose anything of value if you move the
confirmation
to before the fullscreen change and you might just inadvertedly
Should XHR allow scripts to set User-Agent?
Cons:
* The spec suggests the limitation helps ensure some data integrity
* Slight back-compat risks if we encounter scripts that attempt to set
User-Agent on sites with backends that expect nomal browser UA strings.
This may sound far-fetched but
Julian Aubourg j...@ubourg.net skreiv Tue, 09 Oct 2012 15:32:42 +0200
I agree the use cases do not seem compelling. But I know I'm generally
surprised by what people can and will do. What problem did you encounter
that would have necessitated to change the User-Agent string, Hallvord?
I've
On Mon, Oct 8, 2012 at 11:48 AM, Tobie Langel to...@fb.com wrote:
On 10/8/12 5:45 PM, Glenn Maynard gl...@zewt.org wrote:
I can't reproduce this (in Chrome 22).
Neither can I (Chrome Version 22.0.1229.79).
--tobie
Third and final confirmation; I cannot reproduce this w/ 22 or 23 beta.
On Tue, Oct 9, 2012 at 9:29 AM, Hallvord R. M. Steen hallv...@opera.comwrote:
Anne van Kesteren ann...@annevk.nl skreiv Tue, 09 Oct 2012 15:13:00
+0200
it was once stated that allowing full control would be a security risk.
I don't think this argument has really been substantiated for
https://www.w3.org/Bugs/Public/show_bug.cgi?id=16304
Anne ann...@annevk.nl changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|
https://www.w3.org/Bugs/Public/show_bug.cgi?id=17222
Anne ann...@annevk.nl changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://www.w3.org/Bugs/Public/show_bug.cgi?id=18772
Anne ann...@annevk.nl changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
Julian Aubourg j...@ubourg.net skreiv Tue, 09 Oct 2012 16:34:08 +0200
I've had trouble writing extensions and user scripts to work around
backend sniffing, due to being unable to simply set User-Agent for a
specific script-initiated request and get the correct content. As I've
attempted to
Hi All,
On October 8 the W3C announced the alpha release of a new WebPlatform
Docs initiative http://www1.webplatform.org/. From the home wiki:
[[
http://docs.webplatform.org/wiki/Main_Page
Web Platform Docs is a new community-driven site that aims to become a
comprehensive and
We were looking at Opera's w3c-test submissions, and noticed that several
of them use a pattern like:
request = index.openCursor(undefined, 'prev');
or:
opts = {};
request = index.openCursor(opts.range, opts.direction);
In Chrome, these throw DataError per our interpretation of the spec: If
On 10/9/12 1:52 PM, Joshua Bell wrote:
The IDB spec does not have [TreatUndefinedAs=Missing] specified on
openCursor()'s arguments (or anywhere else), so I believe Chrome's
behavior here is correct.
It looks correct as the spec is currently written.
It's not clear to me why the spec is
I was just looking at
http://dvcs.w3.org/hg/IndexedDB/raw-file/tip/Overview.html#dfn-valid-key
and I had some concerns about it. Specifically:
1) The definition of valid key mentions Array JavaScript objects
without making it clear what that means. Does that mean that the
[[Class]] is
On Tue, Oct 9, 2012 at 11:12 AM, Boris Zbarsky bzbar...@mit.edu wrote:
On 10/9/12 1:52 PM, Joshua Bell wrote:
The IDB spec does not have [TreatUndefinedAs=Missing] specified on
openCursor()'s arguments (or anywhere else), so I believe Chrome's
behavior here is correct.
It looks correct as
On 10/9/12 2:33 PM, Boris Zbarsky wrote:
3) It's not clear what the algorithm for determining whether a key is
valid in the Array case is. Is the following key valid:
var obj = [];
Object.defineProperty(foo, 0, { value: 1 });
? What about this one:
function getItem() {
return
On Sep 26, 2012, at 10:27 AM, Arthur Barstow wrote:
* File API - Arun can you get this spec ready for LC by October 15?
Yes.
-- A*
I've been toying a bit with the current chrome implementation of gamepads,
and been trying to make sense of how it would work for firefox.
There's a few observations I'd like to share:
- Being able to enumerate devices is very convenient. I don't think
Firefoxes implementation went that way
On Tue, Oct 9, 2012 at 11:37 AM, Alec Flett alecfl...@chromium.org wrote:
On Tue, Oct 9, 2012 at 11:12 AM, Boris Zbarsky bzbar...@mit.edu wrote:
On 10/9/12 1:52 PM, Joshua Bell wrote:
The IDB spec does not have [TreatUndefinedAs=Missing] specified on
openCursor()'s arguments (or anywhere
On Tue, Oct 9, 2012 at 2:51 PM, Alec Flett alecfl...@chromium.org wrote:
On Tue, Oct 9, 2012 at 11:37 AM, Alec Flett alecfl...@chromium.orgwrote:
On Tue, Oct 9, 2012 at 11:12 AM, Boris Zbarsky bzbar...@mit.edu wrote:
On 10/9/12 1:52 PM, Joshua Bell wrote:
The IDB spec does not have
On 10/9/12 6:04 PM, Robert Ginda wrote:
But I never, ever use the symbol-known-as
undefined in script, since it's actually a write-able variable.
For what it's worth, it's not anymore. It used to be, but current ES
makes it a readonly non-configurable property of the global. Not sure
to
On Tue, Oct 9, 2012 at 3:11 PM, Boris Zbarsky bzbar...@mit.edu wrote:
On 10/9/12 6:04 PM, Robert Ginda wrote:
But I never, ever use the symbol-known-as
undefined in script, since it's actually a write-able variable.
For what it's worth, it's not anymore. It used to be, but current ES
On Tue, Oct 9, 2012 at 3:18 PM, Robert Ginda rgi...@chromium.org wrote:
On Tue, Oct 9, 2012 at 3:11 PM, Boris Zbarsky bzbar...@mit.edu wrote:
On 10/9/12 6:04 PM, Robert Ginda wrote:
I'd suggest also treating null as missing if possible.
In general, or for the specific IDB case?
Well my
On 10/9/12 7:53 PM, Joshua Bell wrote:
The existence of an extended attribute in WebIDL to change the behavior
in this case hints at the need for both binding behaviors for
compatibility with the web. I note that there's no corresponding
TreatNullAs=Missing, however. Perhaps Cameron can jump in
27 matches
Mail list logo