* Matthew Toseland <toad at amphibian.dyndns.org> [2008-03-18 18:10:54]:
> On Sunday 16 March 2008 10:29, nextgens at freenetproject.org wrote: > > Author: nextgens > > Date: 2008-03-16 10:29:28 +0000 (Sun, 16 Mar 2008) > > New Revision: 18550 > > > > Added: > > trunk/apps/new_installer/res/firefox_profile/extensions.rdf > > Log: > > new_installer: force-disable skype's extension... yeah that sucks but as > long as I don't find a way to whitelist allowed extensions it will remain > like that > > > > Added: trunk/apps/new_installer/res/firefox_profile/extensions.rdf > > =================================================================== > > --- trunk/apps/new_installer/res/firefox_profile/extensions.rdf > > > (rev 0) > > +++ trunk/apps/new_installer/res/firefox_profile/extensions.rdf > > 2008-03-16 > 10:29:28 UTC (rev 18550) > > @@ -0,0 +1,19 @@ > > +<?xml version="1.0"?> > > +<!-- see http://forum.skype.com/index.php?showtopic=81027 :(( --> > > Block it because it overrides the homepage? I thought the problem was it > rewrites HTML to make telephone numbers clickable, and that that might be > exploitable to get around the HTML filter? Both are good reasons to block it. Overriding the homepage the way it does it means "not displaying the wizard anymore", effectively "breaking" the installer... and that's why I blocked it. What we really need is a way to whitelist allowed extensions... but as far as I know we can't do that with firefox :/ Dealing with extensions mangling the HTML code is still an ongoing task... and I'm effraid there's no solution to deal with them short of trying to auto-generate the extension blacklisting file or starting FF in safe-mode. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080319/5cb63615/attachment.pgp>
