[webkit-dev] Proposed feature: Network Service Discovery

Brendan Long self at brendanlong.com
Fri Aug 30 10:34:21 PDT 2013


On 08/30/2013 11:06 AM, Oliver Hunt wrote:
> Here's my concern - if you say "a service like <x>" might want to
> search for something, that is better described as "a random website".
> That may be something the user wants, alternatively it could be
> something evil. It could also be something evil embedded in an ad on
> the site a user "trusts". My concern here is that as a web spec this
> essentially acts as a way for arbitrary web content from any source to
> perform a network scan of your local machine and get data about your
> internal network topology and services from inside your firewall.
> That's a really scary concept to me.
This would require permission from the user, but it's definitely a valid
concern that:

  * Users frequently "ok" on any popup, so maybe that's not good enough.
  * This could be pretty scary, combined with cross-site scripting
    attacks (or advertising).

Would this be useful in WebKit if it was only enabled for apps with
special privileges (HTML apps from the app store, for example)?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20130830/b6d1329e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20130830/b6d1329e/attachment.sig>


More information about the webkit-dev mailing list