OpenURI portal w/o user granting permission
Mario Sanchez Prada
msanchez at gnome.org
Thu Jul 14 19:23:17 UTC 2016
Hi Stephan
>[...]
> A malicious app can cause your browser to access a URL controlled by the app.
>
> For one, that can be a privacy issue (with or without additional leakage of
> data through GET parameters), as the app's author can observe access to that
> URL (owned by them).
>
> For another, it can be a security issue if accessing the URL triggers an
> exploitable bug in the browser.
>
> But if this has already been discussed, and the pros of the current way are
> considered to outweigh its cons (and I tend to agree with that), then I'm fine.
This has been discussed and, while we were not extremely excited about not
showing confirmation in this particular case to the user, we also saw that
the case of launching http / https URIs as a bit special, so we implemented
the following approach as a compromise:
1. For any URI's scheme (including http/https) then always show the
app chooser dialog unless the user consistently chooses the same
app a few times in a row (hardcoded to 5 for now).
2. If the URI's scheme is http or https AND there's only one candidate
application available handling that scheme (e.g. only 1 browser),
then the dialog is skipped altogether, regardless of being selected
or not before.
About (1), idea is to make this configurable and also to have a way to reset
the state (e.g. from gnome-control-center) which is something in my TODO
list that I'm planning to tackle maximum next week.
About (2), this has certainly been discussed before, although I personally
have not been part of such a discussion. I can link here to the latest one
I'm aware of, in the relevant github issue:
https://github.com/flatpak/xdg-desktop-portal/issues/30
Hope this clarifies things a bit,
Mario
More information about the xdg-app
mailing list