[whatwg] Device Element
Aryeh Gregor
Simetrical+w3c at gmail.com
Mon Jan 3 14:38:54 PST 2011
On Mon, Jan 3, 2011 at 4:45 PM, Diego Perini <diego.perini at gmail.com> wrote:
> So next question is why allow Adobe Flash and plug-ins in general to
> do that wildly and not allow others to have the same capability and be
> so paranoid about security when that is already broken by other means
> at higher levels ?
If something is available in HTML, any website can run it. Websites
can't just install plugins. The only way for them to install plugins
is by getting the user to run an executable, which browsers put lots
of scary "be careful" signs around just like for any other downloaded
executable. If the website can get the user to install a plugin, it
can get them to run any program, so there's no security at all from
that point forward.
Yes, HTML features can require user confirmation, like geolocation
usually does. But the kind of mild confirmation needed for
geolocation is not suitable for allowing arbitrary file read/write
access. The latter would require much scarier-looking permission, in
fact about as much as installing a program, since it would be trivial
to escalate to arbitrary code execution. We don't want to encourage
websites to pop up warnings like that all the time, because 1) many
users won't give permission, which makes the feature much less useful
to authors; and 2) it desensitizes users so they click yes all the
time.
So this is really apples and oranges. Part of the point of the web is
it's relatively safe. You can't compare web platform features to
arbitrary code like plugins. This sort of feature will probably come
in time, driven by Chrome OS if nothing else, but it will have to be
thought out carefully to balance security against usability.
More information about the whatwg
mailing list