Comment 250 for bug 25830

Revision history for this message
In , Michal Suchanek (hramrach) wrote :

(In reply to comment #201)
> (In reply to comment #199)
> > I'm curious how the extension avoids the security issues that a naive
> > implementation would have.
>
> Just to clarify, the extension doesn't protect users from malicious scripts
> when viewing documents as html. I'll see if I can do something like bug
> 504441 inside the extension, or maybe show a warning when viewing a mime
> type that runs scripts.
>
> By the way, I noticed that Opera 10 doesn't protect the user from these
> kinds of security issues.

Nor does Firefox, on any content that is HTML from the start or relabeled as such by the extension.