May be I am wrong (or it is off-topic) - but is this (just) a Sparkle problem?
I have read "Vulnerable Security - There's a lot of vulnerable OS X applications out there" (https://vulnsec.com/2016/osx-apps-vulnerabilities/) - and if I got the idea then browsing the web is insecure. Why? Because any application accessing web content via the WebView framework (Sparkle, Safari and many other apps) might allow to "launch special / default behaviour" (for example "file://" or "ftp://"; or Safari which starts iTunes if you click a link to any app store resources) and access to "unknows domains" ("other domains" or even worse included OS routines). Correct? In my opinion, the solution (for the Sparkle problem and browsing the internet) would be to change the WebView framework itself: 1.) If a domain is accessed, then do not allow access to ANY other domain. 2.) If a web content (or included resources) tries to access "unusual" resources (like "file://" or "ftp://"; or "http://192.0..."; or whatever) then ask the user for confirmation. This might not only fix the Sparkle problem, but would give us much more security. HTTP or HTTPS. And it might stop all these (external) traffic analytics and ads we all do not want to join or see. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
