From: Kevin Carhart <kevin@carhart.net>
To: Edbrowse-dev@lists.the-brannons.com
Subject: Re: [Edbrowse-dev] data-* attributes / new work on RC
Date: Sun, 26 Nov 2017 19:19:59 -0800 (PST) [thread overview]
Message-ID: <alpine.LRH.2.03.1711261851010.29508@carhart.net> (raw)
In-Reply-To: <20171026174341.eklhad@comcast.net>
On Sun, 26 Nov 2017, Karl Dahlke wrote:
> I'm still in a bit of a quandary regarding an onclick function that doesn't complete because of an edbrowse error or shortcoming.
I guess it would be good to give it some kind of toggle.
If I am on a site where I can accidentally buy an elephant with my credit
card, then I am worried about anything being permitted if the site is in a
broken state, even where "broken state" is defined very conservatively,
meaning one or more runtime errors whatsoever.
But the problem is that those types of web actions are mixed together with
sites where the goal is to read plain text, or write plain text, or
something with no danger, something low key, and in that case we can lean
towards the permissive.
If you remember George something, the candy store that we didn't get
working in time for Christmas gifts a couple years ago, I seem to remember
there was something at the top that said this:
you are logged in
you are not logged in
Where, possibly, what's going on is that these these strings are both
sitting in html, and the page JS is supposed to erase whichever one is NOT
the case. But say the page JS broke earlier along and never erased
one. This is bad. It's a minefield. Maybe we should be even more
conservative than we are already, meaning that it might be good to fail
all links or just refuse to load.
But if the user KNOWS that it is experimental and wants to do it
anyway, they can set a certain flag.
We should just warn them, like requiring an opt-in.
Because otherwise the gravity of the situation may not be clear. It
seems humorous. "Logged in, not logged in. How can I be both logged in
and not logged in at the same time. It must be some kind of glitch. The
site seems to work though..." And if they then go on to do something
successfully, I now have a quandary also because they have gotten some use
out of it even though it is a problem to plop someone down in a
semi-broken page where they are going to form impressions based on
surface appearances.
next prev parent reply other threads:[~2017-11-27 3:18 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 12:29 [Edbrowse-dev] Tidy error reporting Karl Dahlke
2017-11-22 8:43 ` [Edbrowse-dev] data-* attributes Kevin Carhart
2017-11-22 9:33 ` Kevin Carhart
2017-11-22 15:48 ` Karl Dahlke
2017-11-22 21:36 ` Kevin Carhart
2017-11-23 1:23 ` Kevin Carhart
2017-11-24 21:19 ` Karl Dahlke
2017-11-25 0:20 ` [Edbrowse-dev] data-* attributes / new work on RC Kevin Carhart
2017-11-25 0:56 ` Karl Dahlke
2017-11-25 1:15 ` Kevin Carhart
2017-11-25 1:22 ` Karl Dahlke
2017-11-25 1:44 ` Kevin Carhart
2017-11-25 2:28 ` Karl Dahlke
2017-11-25 3:10 ` Kevin Carhart
2017-11-25 5:02 ` Karl Dahlke
2017-11-25 5:35 ` Kevin Carhart
2017-11-26 13:14 ` Karl Dahlke
2017-11-27 1:03 ` Kevin Carhart
2017-11-27 1:48 ` Kevin Carhart
2017-11-27 2:58 ` Karl Dahlke
2017-11-27 3:37 ` Kevin Carhart
2017-11-26 22:43 ` Karl Dahlke
2017-11-27 3:19 ` Kevin Carhart [this message]
2017-11-27 4:23 ` Karl Dahlke
2017-11-27 4:51 ` Kevin Carhart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.2.03.1711261851010.29508@carhart.net \
--to=kevin@carhart.net \
--cc=Edbrowse-dev@lists.the-brannons.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).