<<< Date Index >>>     <<< Thread Index >>>

Re: New possible scam method : forged websites using XUL (Firefox)



On 2004-08-02 11:59:17 +0200, Peter J. Holzer wrote:
> * add a UI to the "allow javascript only from trusted sites" feature. 
>   (few people know that mozilla can do that, and even for those, editing
>   user.js is tedious).

More on the lines of "few people know that Mozilla can do that":

Daniel Veditz wrote in
<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=22183#c97>:

| Or we could just force the location bar to be on using the existing
| pref, but obviously there must be some reluctance to that or it'd be
| done already.

So I started to look for the "existing pref", and sure enough, if you
write

user_pref("dom.disable_window_open_feature.location", true);

in your prefs.js, the spoof looks much less convincing.
(You can also set this preference via "about:config".)

        hp

-- 
   _  | Peter J. Holzer      | Shooting the users in the foot is bad. 
|_|_) | Sysadmin WSR / LUGA  | Giving them a gun isn't.
| |   | hjp@xxxxxxxxx        |  -- Gordon Schumacher,
__/   | http://www.hjp.at/   |     mozilla bug #84128

Attachment: pgpSRlaAKsJ9j.pgp
Description: PGP signature