«
»

Security, part 3

Here are a few more screenshots, after discussion with mconnor and a few other devs. They are in my opinion, and others I’ve heard, the most pleasing to the eye, and integrate fairly well with the browser chrome:

Browser with tab bar

Browser without tab bar

A web application with minimal chrome would look like this (for example, when launched with the -chrome flag of xulrunner, or window.open()ed with all the features disabled:

Web app, minimal chrome

After I prepared these screenshots, Firefox went back to forcing the status bar instead of the location bar. So maybe the site information/context menu could be under the content, instead of over it. The border is still necessary, to delineate where the untrusted content actually is.

In addition, it would be good to allow untrusted web apps to do more with UI, but users should always have the option of disabling these:

open modal windows
hide context menus
perhaps even block leaving a page

See bug 248207 for some more history/discussion.

This entry was posted on 17 Sep, 2004 at 12:29 am and is tagged with . Trackback.

Atom Feed for Comments 4 Responses to “Security, part 3”

  1. MonsterTruck Says:
    September 17th, 2004 at 4:19 am

    No, speaking as a web developer, I don’t think opening up the UI is a good decision, even if it’s just optional. The potential to bring even more security exploits to Firefox is too great, and more security exploits are certainly not needed right now, especially when we’re this close to the 1.0 release. Please, think thouroughly about these issues before continuing. I hope your judgement will be the best for Firefox. :)

  2. Erik Arvidsson Says:
    September 17th, 2004 at 4:46 am

    When running a XUL app using “xulapp myapp.xulapp” I want to give myapp full trust just like any other executable on my system. I hope this is referring to applications running over the internet after I’ve clicked a link in my browser (any browser).

  3. Bill Ferrett Says:
    September 19th, 2004 at 7:47 am

    More some questions. Is xulrunner available and if,so from where? and what is xulapp? XULRunner seems to be very low profile given how useful it would appear to be.

  4. Stephen Duncan Jr Says:
    September 19th, 2004 at 11:29 am

    Well, you’ve mostly sold me. If you follow that link to my last blog post on the issue and look at solution #3 (your solution), I do have a few concerns. Mostly just display issues though.

Leave a Reply