I'm fairly certain I could construct an attack on :visited history privacy using this object.
dave On Jun 4, 2010, at 2:02 PM, Ojan Vafai wrote: > On Fri, Jun 4, 2010 at 11:27 AM, Sam Weinig <sam.wei...@gmail.com> wrote: > After talking it over with some folks here at Apple, I want to formally > object to adding the Console.memory extension to the Console object and I > think we should remove support for Console.profiles as soon as we can. They > both provide information to users that are not generally useful (beyond the > "continuous integration/buildbot" use-case which I think is of limited > utility) and therefore should not be exposed to the web. > > Why is the continuous integration/buildbot use-case of limited utility? Or > are you saying that Console.memory doesn't really support that use-case well? > I think we want to make it as easy as possible for complex apps (e.g. email > apps, mapping apps, etc.) to care about and monitor memory use. > > While I'm not convinced by the utility argument, I do buy the security > argument. How would you feel about leaving the code in, but disabling it by > default? Then it could be enabled by command-line or via a preference. > > That said, I'm OK with rolling back for now given that the code was committed > without this discussion actually coming to a conclusion. > > Ojan > _______________________________________________ > webkit-dev mailing list > webkit-dev@lists.webkit.org > http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
