[sugar] Clicking links (was Re: sugar roadmap)

Eben Eliason eben.eliason
Fri Apr 11 15:37:26 EDT 2008


On Fri, Apr 11, 2008 at 11:15 AM, Bert Freudenberg <bert at freudenbergs.de> wrote:
>
>  On 11.04.2008, at 07:12, Eben Eliason wrote:
>  > On Fri, Apr 11, 2008 at 10:03 AM, Jameson Chema Quinn
>  > <jquinn at cs.oberlin.edu> wrote:
>  >> I'm assuming that the data would only go one way. In that case, the
>  >> permission would be, an app without P_NETWORK would not be able to
>  >> request
>  >> opening of apps with P_NETWORK. No new permissions needed, just
>  >> careful
>  >> attention to the ones we have.
>  >
>  > Sorry, I'm not sure I understand this particular requirement.  The
>  > activity launched will be completely isolated from that which
>  > requested it.  Why would we need to make this statement hold?  If I
>  > have, for instance, chosen to trust my web browser to use P_NETWORK,
>  > then why should it matter that it was asked to launch by something
>  > that didn't?
>
>
>  Because a malicious activity could encode a private document as URL
>  and have the browser go to that URL, which would send it to any server
>  on the internet.

Well, isn't that interesting.  You have a point, there, and I don't
see any good way around it.

>  I personally find addressing this scenario not worth the awkwardness
>  we currently have, clicking a URL in any activity should open a
>  browser on that URL, no questions asked, IMHO. If necessary, invent a
>  new permission for this.

Well, perhaps a permission is in fact needed then.  Of course, I still
see that there could be worth in a service which allows activities to
launch others.  Perhaps the Develop activity eventually wants to
launch an SVG editor for its icon.  Perhaps Write wants to be able to
embed links to other projects (as was initially mentioned as the use
case) for writing tutorials.  I'm not sure how to accomplish this.

- Eben



More information about the Sugar-devel mailing list