On 08/30/2013 11:06 AM, Oliver Hunt wrote:
> Here's my concern - if you say "a service like <x>" might want to
> search for something, that is better described as "a random website".
> That may be something the user wants, alternatively it could be
> something evil. It could also be something evil embedded in an ad on
> the site a user "trusts". My concern here is that as a web spec this
> essentially acts as a way for arbitrary web content from any source to
> perform a network scan of your local machine and get data about your
> internal network topology and services from inside your firewall.
> That's a really scary concept to me.

This would require permission from the user, but it's definitely a valid
concern that:

  * Users frequently "ok" on any popup, so maybe that's not good enough.
  * This could be pretty scary, combined with cross-site scripting
    attacks (or advertising).

Would this be useful in WebKit if it was only enabled for apps with
special privileges (HTML apps from the app store, for example)?

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
