[following up from a thread on the mozilla forums] Boris Zbarsky wrote: > Christopher Aillon wrote: >> Are there any hooks that the fd.o stuff is specifically lacking? > > Yes. What's needed is a way to have separate helpers for trusted and > untrusted > files. Often the same, sometimes different. > > e-mail programs, web browsers, etc should use the untrusted versions (and > possibly provide UI for the user to change them, with hooks available for > apps > to save these user decisions). File managers should use the trusted versions.
Boris makes a good point. We definitely don't want users to "open" executables such as perl scripts with an interpreter as that is an easy way for an attacker to do things to an unwary user's system. We need some way to discern untrusted from trusted content. Looks like epiphany is doing this via http://svn.gnome.org/viewcvs/epiphany/trunk/data/mime-types-permissions.xml?revision=7005&view=markup I'd argue that we should consider moving this information to fd.o, perhaps into s-m-i itself. I'm not sure we need a separate XML file for it, though. Perhaps we could integrate this directly into the existing XML file? _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
