On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote: > Le lundi 16 novembre 2009 à 09:37 +0100, Mike Hommey a écrit : > > On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote: > > > What’s a bookmarklet? I don’t even know whether epiphany supports this. > > > > It's javascript code you bookmark and can run on any site. A bit like > > greasemonkey, but crossbrowser. It's designed to run in the current > > page context, so the security issue here is by design. > > Confirmation before saving the bookmarklet to the list of bookmarks? If > so, I’d say epiphany is not affected, since it always ask for > confirmation whenever you bookmark something.
right, but the current dialog doesn't throw up a scary warning saying that the bookmark contains potentially dangerous javascript, so some work would need to be done to implement that. or, the "safer" solution would be to disallow javascript in bookmarks. who in their right mind needs that (anti)feature anyway??? note that with respect to epiphany, only the gecko backend is affected. webkit currently acts wacky when bookmarking a site with javascript in the bookmark. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
