by Thrawn » Fri Nov 25, 2016 3:10 am
In a nutshell: because of the behavior of the extension, 'about:blank' (ie the canonical blank page) is trying to access localhost. ABE already permits local sites to access localhost, but about:blank isn't considered to be local.
Theoretically, though, I think it's possible for a page with scripts enabled to create a new blank page and write scripts into it. So I don't think that about:blank should be automatically whitelisted for talking to the LAN. It's unfortunate that Dashlane is working this way. Being an extension and therefore privileged, Dashlane should be able to use other, non-ABE-controlled methods of talking to localhost.
In a nutshell: because of the behavior of the extension, 'about:blank' (ie the canonical blank page) is trying to access localhost. ABE already permits local sites to access localhost, but about:blank isn't considered to be local.
Theoretically, though, I think it's possible for a page with scripts enabled to create a new blank page and write scripts into it. So I don't think that about:blank should be automatically whitelisted for talking to the LAN. It's unfortunate that Dashlane is working this way. Being an extension and therefore privileged, Dashlane should be able to use other, non-ABE-controlled methods of talking to localhost.