Comment 114 for bug 239826

Scaredycat (scaredycat) wrote:

(In reply to comment #89)
>
> Your "surely" there goes too far. We could secure the entire avenue of attack
> by just removing view source altogether, but that would be over-restrictive

I disagree. You could remove the entire avenue of attack by simply not parsing at all when using view source. There are excellent plug-ins like firebug or view source chart that provide this functionality.

> because we believe that view source provides a function which is valuable to
> our users and aligned with our mission. Indeed, the ability to view the source
> of a web page is central to its openness. For similar reasons, we hold

You say that "ability to view the source of a web page is central to its openness" yet I can't view the source of the page, I have to view a *modified* version of it, a version modified for pretty display.

> ourselves to a higher standard in terms of the quality of that experience than
> "straight dump of bytes" - you can have that with wireshark if you want

Sure, I can get that with wireshark or wget; I can even get it with IE 4 - that doesn't make it an ideal solution. The majority of people who are going to be looking at the source of a page are likely to be just the sort of people who don't need to see beautified/modified source. It makes for very difficult debugging.

> skip the "ignore this warning" step completely. Our view source is linkified,
> syntax highlighted, and supports text- and position-searching because those
> make it a more effective tool. People who click through the (double!) warnings
> to view the source are, implicitly, signing up for a marginal increase in risk
> by doing so. We're not going to remove the functionality in order to mitigate
> that, though.

The only reason clicking through poses any risk at all is because the raw source isn't what is being shown, it's being parsed.

Personally, I wouldn't see it as 'removing functionality'; I'd see it as restoring proper functionality.