On Thu, Jul 29, 2010 at 3:44 PM, Charles Pritchard wrote:
> There are some warnings in browsers for other security items:
> "This HTTPS Certificate is not valid, Continue / Cancel"
That's recognized pretty universally as a horrible prompt that is
actively bad for the user.
> It does set a prec
On 7/29/2010 3:37 PM, Ian Hickson wrote:
On Tue, 20 Apr 2010, Charles Pritchard wrote:
There does not seem to be a standard method of requesting elevated
permissions where local file access or cross-domain file access is
required.
Requesting permissions from whom? The user is not in a
On Tue, 20 Apr 2010, Charles Pritchard wrote:
>
> There does not seem to be a standard method of requesting elevated
> permissions where local file access or cross-domain file access is
> required.
Requesting permissions from whom? The user is not in any place to make
educated decisions about s
On Fri, Apr 23, 2010 at 5:56 PM, Anne van Kesteren wrote:
> On Sat, 24 Apr 2010 04:04:57 +0900, Jonas Sicking wrote:
>>
>> This would require changes to both HTML and to CORS, but not too bad.
>> And the result is significantly better as it doesn't require the user
>> to get involved and decide w
On Sat, 24 Apr 2010 10:00:52 +0900, Charles Pritchard
wrote:
I beleive that CORS (sometimes?) uses an additional HTTP OPTIONS
request-- though I don't see that being necessary (the GET response
could return valid headers).
CORS does not do that for simple cross-origin requests (i.e. the re
I beleive that CORS (sometimes?) uses an additional HTTP OPTIONS
request-- though I don't see that being necessary (the GET response
could return valid headers).
Has Opera implemented cross domain origin-clean images?
-Charles
On Apr 23, 2010, at 5:56 PM, "Anne van Kesteren"
wrote:
O
On Sat, 24 Apr 2010 04:04:57 +0900, Jonas Sicking wrote:
This would require changes to both HTML and to CORS, but not too bad.
And the result is significantly better as it doesn't require the user
to get involved and decide what's safe and what's not.
What changes to CORS would be required? It
On Fri, Apr 23, 2010 at 9:43 AM, Charles Pritchard wrote:
>> For what it's worth, we consider enablePrivilege to be a horrible
>> solution for basically any involved party (browser developer, user,
>> and website author), and we're in the process of removing it. So
>> saying that anything is like
On Thu, Apr 22, 2010 at 5:05 PM, Charles Pritchard wrote:
Boris, you haven't provided me with any reasoning/room to address the issue.
Sorry. The point is that providing for dynamic privilege escalation (in
the sense that the permissions of a chunk of code change on the fly) is
not somethin
On Thu, Apr 22, 2010 at 5:05 PM, Charles Pritchard wrote:
On 4/20/10 7:18 AM, Charles Pritchard wrote:
/>/> When resetOriginClean is executed, an implementation shall request
elevated
/>/> privileges, and if granted, set the origin-clean flag of the canvas
/>/> element to true.
/>
Mo
On Thu, Apr 22, 2010 at 5:05 PM, Charles Pritchard wrote:
> On 4/20/10 7:18 AM, Charles Pritchard wrote:
>>>
>>> / Proposed method:
>
> />>/ CanvasRenderingContext2D
> />/> resetOriginClean
> />/> throws SECURITY_ERR exception
> />>/
> />/> When resetOriginClean is executed, an implementation shal
On Apr 22, 2010, at 5:05 PM, Charles Pritchard wrote:
Mozilla almost certainly not be willing to implement such a method.
-Boris
Well... as that idea has been torpedoed, what/where is current work
being done to unify privilege escalation?
Calling it "privilege escalation" makes it sound
On 4/20/10 7:18 AM, Charles Pritchard wrote:
/ Proposed method:
/>>/ CanvasRenderingContext2D
/>/> resetOriginClean
/>/> throws SECURITY_ERR exception
/>>/
/>/> When resetOriginClean is executed, an implementation shall request elevated
/>/> privileges, and if granted, set the origin-clean flag
On 4/20/10 7:18 AM, Charles Pritchard wrote:
Proposed method:
CanvasRenderingContext2D
resetOriginClean
throws SECURITY_ERR exception
When resetOriginClean is executed, an implementation shall request elevated
privileges, and if granted, set the origin-clean flag of the canvas
element to true.
Issue:
There does not seem to be a standard method of requesting elevated
permissions
where local file access or cross-domain file access is required.
Consequence:
Currently, one must create a duplicate origin-clean Canvas element
to copy image data from a dirty element after privilege escalati
15 matches
Mail list logo