[whatwg] Device Element
diego.perini at gmail.com
Sun Jan 2 12:51:15 PST 2011
On Wed, Dec 29, 2010 at 9:53 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 12/29/10 6:48 AM, Diego Perini wrote:
>> I can currently read incoming RS232 and USB data in my OS X using
>> Firefox 3.6.13 and the "file:" protocol:
>> do I have an insecure system ? An insecure browser ?
> And _this_ sort of thing is why Firefox and other browsers don't ever allow
> an http:// page to link to a file:// URL, read data from a file:// URL, or
> otherwise interact with a file:// URL.
don't get confused by the questions in my message above, I really don'
feel insecure for that existing option in Firefox. It was a tentative
answer to so many security concerns and I wanted to tell that what
they were after is almost already available in Firefox/UNIX.
I feel it is a great and unique feature of Firefox, no other browser
(that I am aware of) implement that level of OS integration (that
maybe only for UNIX systems though).
Of course this require file security privileges
(security.fileuri.strict_origin_policy = true) but having to open
about:config or having to consent through a button is not a problem
for what I need it and probably what in general is needed. I believe
the process Seth described in his message would be more than enough
for the security problems this poses (relying on user consent is what
plug-ins also do).
More information about the whatwg