Changes between Initial Version and Version 1 of Ticket #21034, comment 14


Ignore:
Timestamp:
Mar 28, 2017, 11:42:25 AM (2 years ago)
Author:
arthuredelstein
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #21034, comment 14

    initial v1  
    1616As far as UX is considered, my thinking would be to have security setting button next to the URL bar, similar to the NoScript button. The button's dropdown menu would have the title "Security setting for this page" with the three options (Low, Medium, High). In fact, it might be possible to hide the NoScript button altogether, because the "Temporarily allow all this page" menu option is more or less redundant in this situation.
    1717
    18 Having a separate content process for each first-party not only would make this possibly feasible, but it would also reduce the risk that exploits can link one tab to another.
     18Having a separate content process for each first-party not only would make this possibly feasible, but it would also reduce the risk that exploits can link one tab to another. So if lowering defenses on one tab turns out to have been a mistake, at least we have some hope of containing the damage.