[sugar] Clicking links (was Re: sugar roadmap)

[Bert Freudenberg]

On 11.04.2008, at 07:12, Eben Eliason wrote:
> On Fri, Apr 11, 2008 at 10:03 AM, Jameson Chema Quinn
> <jquinn at cs.oberlin.edu> wrote:
>> I'm assuming that the data would only go one way. In that case, the
>> permission would be, an app without P_NETWORK would not be able to  
>> request
>> opening of apps with P_NETWORK. No new permissions needed, just  
>> careful
>> attention to the ones we have.
>
> Sorry, I'm not sure I understand this particular requirement.  The
> activity launched will be completely isolated from that which
> requested it.  Why would we need to make this statement hold?  If I
> have, for instance, chosen to trust my web browser to use P_NETWORK,
> then why should it matter that it was asked to launch by something
> that didn't?


Because a malicious activity could encode a private document as URL  
and have the browser go to that URL, which would send it to any server  
on the internet.

I personally find addressing this scenario not worth the awkwardness  
we currently have, clicking a URL in any activity should open a  
browser on that URL, no questions asked, IMHO. If necessary, invent a  
new permission for this.

- Bert -