From: Kevin Carhart <kevin@carhart.net>
To: Chris Brannon <chris@the-brannons.com>
Cc: Edbrowse-dev@lists.the-brannons.com
Subject: Re: [Edbrowse-dev] $ object in javascript
Date: Mon, 26 Dec 2016 22:53:11 -0800 (PST)
Message-ID: <alpine.LRH.2.03.1612262151380.28214@carhart.net>
In-Reply-To: <87y3z2x90a.fsf@the-brannons.com>

Hi Chris,

> I'll be honest, I am starting to find this project very
> overwhelming on an intellectual level.
> I don't know how long I can keep up.

My alarm bells go off. You have a veto. If you think it is like
this, the drawbacks may outweigh the benefits or something is awry and it
shouldn't be done this way. Possibly it could be alleviated if we base
our changes off of top-down tests like Acid3. Thank you for the link to
acid3. Maybe I am adding unnecessary complication.

> And the security implications of AJAX scare the crap out of me.
> We're making web requests at the behest of code sent to us by total

I think there is a restriction, which may be a convention rather than
something that is enforced by code, that AJAX cannot load from outside
domains, but only from the domain of the original page. I think you're
right that another entry point from the internet is worrisome. It is one
more place where we talk to the curl library and something like malware
could be retrieved. Although, is this different than the security
implications of the web request browsed with the 'b' command in the first
place?

How do we know when we have done it securely?

> And what are the implications of doing that XHR stuff in startwindow.js,
> rather than native C? If you need it ported from JS to C, I can
> certainly do that, as I have enough familiarity with both languages.

Thank you. It is a mixture of both right now. The reason that there is a
javascript piece is that there was an existing JS implementation that I
was able to modify. This came from the Env JS project. The JS piece
mostly gathers parameters. Then it calls the native code, fetchHTTP:

    var entire_http_response =
        document.fetchHTTP(this.url,this.method,headerstring,data);

Kevin
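
Added example (not part of the original message, and not edbrowse or Env JS code): one way the same-origin restriction mentioned above could be enforced in code rather than left as a convention, by comparing scheme, host and port before the URL is handed to the native fetch. The names originOf, checkXhrTarget and guardedFetch are hypothetical, the native fetch is passed in as a parameter, and the sample URLs are constructed.

```javascript
// Added example. All function names here are hypothetical, not edbrowse's.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a parsed URL to its origin (scheme, host, port); null if not http(s).
function originOf(u) {
  const port = u.port || DEFAULT_PORTS[u.protocol];
  if (!port) return null; // file:, javascript:, data:, ftp: ... are refused
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Decide whether script on pageUrl may request requestUrl.
function checkXhrTarget(pageUrl, requestUrl) {
  let page, target;
  try {
    page = new URL(pageUrl);
    target = new URL(requestUrl, page); // relative URLs resolve against the page
  } catch (e) {
    return { allowed: false, reason: "unparseable URL" };
  }
  const po = originOf(page);
  const to = originOf(target);
  if (po === null || to === null) {
    return { allowed: false, reason: "scheme not http(s)" };
  }
  if (po !== to) {
    return { allowed: false, reason: `cross-origin: ${to} is not ${po}` };
  }
  return { allowed: true, url: target.href };
}

// Wrap the native fetch so that only the normalized, checked URL reaches it.
// If the native layer follows redirects, each redirect target needs the same check.
function guardedFetch(nativeFetch, pageUrl, url, method, headers, data) {
  const verdict = checkXhrTarget(pageUrl, url);
  if (!verdict.allowed) throw new Error("XHR blocked: " + verdict.reason);
  return nativeFetch(verdict.url, method, headers, data);
}

// Constructed sample input: a page and requests its script might make.
const PAGE = "https://example.com/page.html";
const SAMPLES = ["/api/data", "https://example.com:443/x", "http://example.com/x",
  "//evil.test/x", "https://example.com@evil.test/x", "file:///etc/passwd"];
for (const s of SAMPLES) {
  const v = checkXhrTarget(PAGE, s);
  console.log(s, "->", v.allowed ? "allowed " + v.url : "blocked, " + v.reason);
}
```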