JoeS wrote:
Unfortunately, "this does not work" equates to "this software is not capable" for most users. Let the user know when pref-controlled capabilities are violated at least.

Feel free to suggest UI for this. I don't see a good option yet.

How far do you have to dig to find that capabilities can be managed?

No digging at all. Basically, access to any property of any object can be individually disabled on a per-site basis.

Unless what you mean is digging to find out what expanded privileges are needed to perform a given operation. That _is_ something we should be documenting, if only so we can check that we're implementing it right.

Don't make a secret of what the product is capable of, for the sake of security, and let the user decide.

Decide what?

-Boris
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
