Comment 115 for bug 239826

In , Mauro Vale (maurovale) wrote :

(In reply to comment #90)
> (In reply to comment #89)
> >
> > Your "surely" there goes too far. We could secure the entire avenue of attack
> > by just removing view source altogether, but that would be over-restrictive
>
> I disagree. You could remove the entire avenue of attack by simply not parsing
> at all when using view source. There are excellent plug-ins like firebug or
> view source chart that provide this functionality.
>

Amen, I subscribe to everything you just said.

I don't want to change to another browser only to see the source code of a web page, because of a dumb version of show source from Firefox.

I don't want a pretty show source, I want to see the SOURCE of the web page and find the problem or anything about the webpage, nothing more.

>
> > because we believe that view source provides a function which is valuable to
> > our users and aligned with our mission. Indeed, the ability to view the source
> > of a web page is central to its openness. For similar reasons, we hold
>
>
> You say that "ability to view the source of a web page is central to its
> openness" yet I can't view the source of the page, I have to view a *modified*
> version of it, a version modified for pretty display.
>
>
>
>
> > ourselves to a higher standard in terms of the quality of that experience than
> > "straight dump of bytes" - you can have that with wireshark if you want
>
>
> Sure I can get that with wireshark, wget, I can even get it with IE 4 - that
> doesn't make it an ideal solution. The majority of people who are going to be
> looking at the source of a page are likely to be just the sort of people who
> don't need to see beautified/modified source. It makes for very difficult
> debugging.
>
>
> > skip the "ignore this warning" step completely. Our view source is linkified,
> > syntax highlighted, and supports text- and position-searching because those
> > make it a more effective tool. People who click through the (double!) warnings
> > to view the source are, implicitly, signing up for a marginal increase in risk
> > by doing so. We're not going to remove the functionality in order to mitigate
> > that, though.
>
> The only reason clicking through poses any risk at all is because the raw
> source isn't what is being shown, it's being parsed.
>
> Personally I wouldn't see it as 'removing functionality' I'd see it as
> restoring proper functionality.