[whatwg] Device Element

Diego Perini diego.perini at gmail.com
Sun Jan 2 12:51:15 PST 2011


On Wed, Dec 29, 2010 at 9:53 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 12/29/10 6:48 AM, Diego Perini wrote:
>>
>> Hmmm...
>>
>> I can currently read incoming RS232 and USB data in my OS X using
>> Firefox 3.6.13 and the "file:" protocol:
>>
>>    file:///dev/tty.BT-GPS010B62-SerialPort
>>
>> do I have an insecure system ? An insecure browser ?
>
> And _this_ sort of thing is why Firefox and other browsers don't ever allow
> an http:// page to link to a file:// URL, read data from a file:// URL, or
> otherwise interact with a file:// URL.
>

Boris,
don't get confused by the questions in my message above, I really don'
feel insecure for that existing option in Firefox. It was a tentative
answer to so many security concerns and I wanted to tell that what
they were after is almost already available in Firefox/UNIX.

I feel it is a great and unique feature of Firefox, no other browser
(that I am aware of) implement that level of OS integration (that
maybe only for UNIX systems though).

Of course this require file security privileges
(security.fileuri.strict_origin_policy = true) but having to open
about:config or having to consent through a button is not a problem
for what I need it and probably what in general is needed. I believe
the process Seth described in his message would be more than enough
for the security problems this poses (relying on user consent is what
plug-ins also do).

--
Diego


> -Boris
>


More information about the whatwg mailing list