On Thu, Nov 24, 2016 at 09:03:24AM -0600, Michael Catanzaro wrote: > On Thu, 2016-11-24 at 10:02 +0000, Carlos Garnacho wrote: > > Tracker-extract is not as exposed as Firefox, because the file needs > > being in the local filesystem for starters. The web world is well > > known for figuratively throwing 3rd party media content to your face, > > even in otherwise trusted websites. > > I think the concern here is that browsers allow websites to download > files to your computer without any user interaction. Epiphany goes as > far as to open them automatically. I've never previously considered > that it's a security risk, […] What does that mean, exactly? Does it pass the downloaded file to xdg-open or equivalent? Just because you clicked on a link on some website, no matter the file type and association involved? Seriously? _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
