
unity-design team mailing list archive

Re: Possible security risk with update-manager

 

> As I wrote in <http://launchpad.net/bugs/370248>: "For several years
> Web browsers have insisted on showing the address bar, or the status
> bar, or both, in any popup window as a way of distinguishing it from
> native application windows. Can you provide a demo which avoids this
> security measure?"

> In both Firefox and Chromium, the demo you have pointed to has not just
> the browser's address bar *and* status bar, but also two title bars
> rather than one. If you can provide a more convincing demo, please
> attach it to the bug report.

Matthew, he did say the example was very crude. Showing the status bar
and/or the address bar was a valid solution some years ago. Today, with
JavaScript pop-ups, the ubiquity of Flash applets and the rise of integrated
web+desktop frameworks like Air, the game has changed a little bit.

In fact, a lot of JavaScript libraries have a resource to dim the page
before showing a popup, exactly like gksudo does. Join this with the
fact that new browsers like Chrome give as little space as possible
for the status bars, and I believe there's real reason for concern.



