RFC: Access Control over JavaScript Properties Globally and Per-Domain
David Faure
david at mandrakesoft.com
Mon Oct 14 11:35:18 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 13 October 2002 20:15, Leo Savernik wrote:
> [...]
> For example, an old KDE 3.0 setting like:
> foo.bar.com::accept
> will implicitely be treated as
> foo.bar.com::accept:::::
> and written back as such when the configuration is saved.
Excellent thinking.
> --- JavaScript Policies ---
> Web Popups: (*) allow ( ) ask ( ) deny ( ) smart
> Move Windows: (*) allow ( ) ignore
> Resize Windows: (*) allow ( ) ignore
> Bring Windows to Foreground: (*) allow ( ) ignore
> Change Status Bar Text: (*) allow ( ) ignore
>
> The configuration defaults are checked.
>
> The per-domain settings screen becomes:
>
> Host or domain name: [______________]
> JavaScript Policy: [Use global/Allow/Reject]
> Web Popups: (*) use global ( ) allow ( ) ask ( ) deny ( ) smart
> Move Windows: (*) use global ( ) allow ( ) ignore
> Resize Windows: (*) use global ( ) allow ( ) ignore
> Bring Windows to Foreground: (*) use global ( ) allow ( ) ignore
> Change Status Bar Text: (*) use global ( ) allow ( ) ignore
Looks good.
> The per-domain defaults are checked.
> If JavaScript Policy is set to deny, the succeeding options could be grayed
> out, otherwise they should stay available, even if the global JavaScript
> Policy setting is set to off.
Yes.
> 4. API Concerns
>
> The WindowOpenPolicy setting is actually not integrated into the
> khtml_settings class. I do not know the specific cause for this, but for
> per-domain management I propose that all the settings mentioned under 2. are
> integrated into khtml_settings.
Hmm, no particular reason. As long as stuff is global, reading from a kconfig
key is so simple, it didn't make it necessary to put in KHTMLSettings.
> The new preliminary API might look like:
> // Java and JavaScript
> bool isJavaEnabled( const QString& hostname = QString::null );
> bool isJavaScriptEnabled( const QString& hostname = QString::null );
> bool isJavaScriptDebugEnabled( const QString& hostname = QString::null );
> bool isPluginsEnabled( const QString& hostname = QString::null );
> + int windowOpenPolicy( const QString& hostname = QString::null );
> + bool isWindowMoveEnabled( const QString& hostname = QString::null );
> + bool isWindowResizeEnabled( const QString& hostname = QString::null );
> + bool isWindowFocusEnabled( const QString& hostname = QString::null );
> + bool isWindowStatusEnabled( const QString& hostname = QString::null );
Using bools will prevent future extensions (like any sort of "smart" policy).
Better use an int, or even better, an enum.
> Well, if we can reach an agreement on that rfc, I'll try hard to come up with
> a patch as soon as KDE-CVS is opened for feature commits again. Btw, when
> will that be? The release schedule seems to be messed up, it pretends that
> the current week #41 still is in September, so what to trust now?
Dirk ;)
- --
David FAURE, david at mandrakesoft.com, faure at kde.org
http://people.mandrakesoft.com/~david/
Contributing to: http://www.konqueror.org/, http://www.koffice.org/
Get the latest KOffice - http://download.kde.org/stable/koffice-1.2/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9qp3n72KcVAmwbhARApIbAJsF3tF0UJIIPWArZjzDOfOu2TtiSQCfViY4
AWE09IHWghl+5lubGGt1S4c=
=jpKN
-----END PGP SIGNATURE-----
More information about the kfm-devel
mailing list