On 07/01/14 13:02, Till Schneidereit wrote:
The discussion has happened in bug 588292[1]. For a succinct summary,
see tha bug's comment 37[2].
No, that doesn't respond to my point.
I did read the discussion in the bug I commented on (not the other one I
admit) and the "security reasons" argument is flawed in that it assumes
that the author-provided text would REPLACE the standard warning text,
while in fact the requested fix (and what EVERY other browser does) is
to ADD the text provided by the site to the standard warning provided by
the browser. How can that possibly be a security concern?
Ohhhhh now I see, 'the *confusion* of the "OMG YOUR COMPUTER IS INFECTED
BY A VIRUS" messages were causing', that's the point! LOL!!!!
Then based on that we shouldn't allow the browser to open a web page at
all, because it could contain that kind of message. Or, to be a little
less extreme and sarchastic, we should definitely disallow arert() based
on that exact same argument.
Note, by the way, that alert() _had_ been a security concern in the old
days and a solution was sought and found, without having to drop the
feature completely. Think about that.
By the way I see the behavior every other browser implements described
here:
http://www.whatwg.org/specs/web-apps/current-work/multipage/webappapis.html
Not sure but that may mean that perhaps it might some day end up being
included in the standards.....
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
