30.08.2013, в 15:53, Dirk Pranke <dpra...@chromium.org> написал(а):
>> The draft does contain the sentence "Web pages should not be able to >> communicate with Local-networked Services that have not been authorized by >> the user thereby maintaining the user's privacy" in the use cases section; >> this should definite be emphasized and fleshed out, in a security section. > > How does the user know what they're doing? If there's an ad/unescaped > comment containing something malicious should a remote site be able to know > what services you have in your internal network? > > I'm not sure I understand your question, but I'm talking about the user > having to opt-in to disclosing services, similar to the opt-ins we do for > geolocation, media capture, local files, etc., e.g., "Spotify would like to > know if you have any local media receivers", etc. ... "Would you like to install malware onto all networked printers in your office? Please click OK to get rid of this dialog, and finally start the browser game you want to play." - WBR, Alexey Proskuryakov
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
