On Thu, Jul 22, 2010 at 2:48 PM, Mike Shaver <[email protected]> wrote:
> On Thu, Jul 22, 2010 at 5:32 PM, Luke Hutchison <[email protected]> > wrote: > > On Thu, Jul 22, 2010 at 5:03 PM, Mike Shaver <[email protected]> > wrote: > >> Would a UA that asked for the > >> user's permission the first time a bookmarklet is used (like some > >> prompt the first time a given helper app or URL scheme is used) be > >> compliant? > > > > You mean like Windows User Account Control? ;) > > No, I mean like the prompts for geolocation, popup windows, first-use > helper applications, first-use URL protocols, and similar. But my > question is more about what you propose to disallow, and why you > choose "disable" as the requirement. > This seems to be the wrong venue for this discussion but it is worth noting that IE8 doesn't allow drag-and-drop of javascript: links to the favorites bar. If you do right-click->Add to Favorites for a javascript: link it prompts "You are adding a favorite that might not be safe. Do you want to continue?" So clearly they think there is some security risk there. It doesn't impede a user from copying the link though and pasting it in the URL bar though. Even though I regularly type JavaScript in the URL bar I think it would be a smart change to make that disabled by default. There are already other things I go into about:config for. :) Paul Ellis
