Figured I'd forward this over here, as it's pretty interesting stuff...
On Fri, 2007-12-07 at 14:34 +0100, Christopher Aillon wrote:
> Figured I'd forward this over here, as it's pretty interesting stuff...
> email message attachment (DBus Bindings for Javascript.eml)
> I've been working on writing DBUS bindings for Mozilla JavaScript. The goal of this project is to make it possible for XUL and extension developers to integrate with the Linux desktop.
If this ever gets into fedora it defaults to off and comes with giant flashing warnings when you turn it on. The last thing I want is some arbitrary javascript being able to escape the browser and send messages to the rest of my system.
-sv
On 12/07/2007 02:45 PM, seth vidal wrote:
> On Fri, 2007-12-07 at 14:34 +0100, Christopher Aillon wrote:
> > Figured I'd forward this over here, as it's pretty interesting stuff...
> > email message attachment (DBus Bindings for Javascript.eml)
> > I've been working on writing DBUS bindings for Mozilla JavaScript. The goal of this project is to make it possible for XUL and extension developers to integrate with the Linux desktop.
> If this ever gets into fedora it defaults to off and comes with giant flashing warnings when you turn it on. The last thing I want is some arbitrary javascript being able to escape the browser and send messages to the rest of my system.
This is for the JavaScript that runs as part of the browser, or in installed extensions. With system (local user) privileges. It already has full power to do whatever you can, including manually invoking dbus-send, or emailing your password information to bad guys. Of course, nobody would install an extension that would do these evil things, right?
On Fri, 2007-12-07 at 14:51 +0100, Christopher Aillon wrote:
> On 12/07/2007 02:45 PM, seth vidal wrote:
> > On Fri, 2007-12-07 at 14:34 +0100, Christopher Aillon wrote:
> > > Figured I'd forward this over here, as it's pretty interesting stuff...
> > > email message attachment (DBus Bindings for Javascript.eml)
> > > I've been working on writing DBUS bindings for Mozilla JavaScript. The goal of this project is to make it possible for XUL and extension developers to integrate with the Linux desktop.
> > If this ever gets into fedora it defaults to off and comes with giant flashing warnings when you turn it on. The last thing I want is some arbitrary javascript being able to escape the browser and send messages to the rest of my system.
> This is for the JavaScript that runs as part of the browser, or in installed extensions. With system (local user) privileges. It already has full power to do whatever you can, including manually invoking dbus-send, or emailing your password information to bad guys. Of course, nobody would install an extension that would do these evil things, right?
I knew there was a reason I turn javascript off in most cases. :)
-sv
On Fri, 2007-12-07 at 09:15 -0500, seth vidal wrote:
> I knew there was a reason I turn javascript off in most cases. :)
Turning off JavaScript for the web has no effect on chrome level code - if it did, the whole browser would stop working.
But yeah, bottom line is this has no security impact, it's just a nicer API for extensions and for Firefox itself to integrate better.
On Fri, 2007-12-07 at 12:27 -0500, Colin Walters wrote:
> On Fri, 2007-12-07 at 09:15 -0500, seth vidal wrote:
> > I knew there was a reason I turn javascript off in most cases. :)
> Turning off JavaScript for the web has no effect on chrome level code - if it did, the whole browser would stop working.
> But yeah, bottom line is this has no security impact, it's just a nicer API for extensions and for Firefox itself to integrate better.
I'm all for it. Ya local code will always have dangers involved but that is not something D-Bus adds... I hope it is hard for local javascript modules to be exported to the external javascript side. I would hate if someone accidentally linked them up and some script kiddy could thrash my computer by sending play-sound A:\haxzored.wav. Oh wait that's AOL not Mozilla.
desktop@lists.fedoraproject.org