On Sat, 2009-08-22 at 22:05 -0700, Adam Barth wrote: > which disables this behavior. For legacy reasons, we default this > setting to "true," but I'd like to encourage to use the "false" > setting by default in your browser, especially if your browser runs on > Linux. > > This issue is particularly important on Linux because many Linux users > use a network file system, such as AFS or NFS, which maps the entire > world into the local file system. For example, if I made my home > directly world-readable, it's quite likely that I would be able to > control this URL on your user's machines:
I notice that WebKitGTK+ disables this by default, good =). I think, though, that the AFS/NFS issue you mention is more general and shouldn't be a motivating factor. We have many GNU/Linux users not in corporate networks, these days, as well, and I think we should not be designing everything for big installations (those usually have admins who can worry about this kind of issue). Also, it looks like you can access windows shares using file://server/folder/file.html, so this doesn't seem to be UNIX-specific in any way. I also bet Mac can be made to use NFS, and AFS, so, again, I fail to see this as particularly important on non-Mac UNIX-likes. See you, -- Gustavo Noronha Silva <g...@gnome.org> GNOME _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
