Comment 152 for bug 1065126

Ssprinz (ssprinz) wrote:

After 11 years - more and more clarity develops on this issue.

Please consider USER INTENT as an important aspect in the early design and later - policy implementation of this "feature". Now that it is known how important (forced) user security is regarding XSS-type attacks, we have BOTH SIDES of the issue exposed. Seems like the solution involves a little more programming, not merely "turning off" security concerns.

I'm probably typical in my INTENT. I have repetitive tasks where I download CSS files from trusted sources, format them, and archive them.

On selection of "do this automatically for files like this from now on" Firefox can throw a (severe) user warning about XSS-type attacks, then offer to allow the recurrent behavior, explicitly for the chosen server, forevermore. User has been WARNED, has actively chosen to do the deed with THIS SERVER ONLY, and has exonerated Firefox while maintaining the personal freedoms we expect using personal computers. Of course, removal of the "user approval for the site" must also be programmed.

For examples of WARN but "DO if approved by user" - look no further than Windows.