|
|
|
|
|
|
by phkahler
3715 days ago
|
|
|
>> What's the reason for allowing web pages to get absolute screen coordinates? Web developers have always pushed for more access to information about the user and their environment. Browser and tool developers are happy to provide that access. There's always some use case that sounds reasonable, but you're right that it's just a security issue waiting to happen. These holes are also being talked about in the new Wayland display server on Linux. Warping a mouse pointer, color picking, knowing your apps place on the desktop are all security violations. They are being very careful with that stuff because it's an insecure free for all with X. Every time I upload an attachment to gmail or a picture to facebook, I wonder how secure things are. Those seem to require user action, but do they really? |
|
|
I'm torn. On the one hand I understand the privacy implications; on the other hand, if you'd want to be serious about those, you'd have to get rid of JavaScript and half of CSS. Every interesting feature can be turned into a privacy/security violation; how far are we willing to go in removing them?