Always allow about:reader

Post by Skalman »

There's a new Firefox feature: Reader view in desktop Firefox. Release notes

Apparently, the new reader view uses about:reader, so it would be nice if it could be enabled by default.
Mozilla/5.0 (X11; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0

Post by Thrawn »

That would depend on whether about:reader can be expected to be safe...anyone know more about that?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Fedora; Linux i686; rv:37.0) Gecko/20100101 Firefox/37.0

Post by Giorgio Maone »

I'm not sure allowing about:reader by default is a good idea, not yet at least: it appears it loads content from the page to be "read", transforms and styles it then renders it in its own context.
Now if something goes wrong with the transformation, and specifically the sanitization of active content is bypassable, you come to allow active content execution on any page you pass to the reader which knows how to exploit this bypass.
So for now I prefer to explicitly allow "about:reader" when it's needed.
If its 100% security gets proved, I'm ready to change my mind.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
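
The concern raised in the post above, as an added example (not part of the thread, and not Firefox's or NoScript's code): a small audit that parses the output of a reader-style sanitizer and reports anything that could still execute. The tag, attribute and scheme lists are an assumed policy, and the sample markup is constructed.

```python
import re
from html.parser import HTMLParser

# Assumed policy for this example: sanitized reader output contains none of these.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "poster", "xlink:href"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL
SCHEME_RE = re.compile(r"([a-z][a-z0-9+.\-]*):", re.I)


class ActiveContentAuditor(HTMLParser):
    """Collects whatever in already-sanitized markup could still run code."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute values.
        if tag in ACTIVE_TAGS:
            self.findings.append(("tag", tag))
        for name, value in attrs:
            if name.startswith("on"):  # inline event handlers
                self.findings.append(("handler", f"{tag}[{name}]"))
            elif name in URL_ATTRS:
                # Browsers ignore whitespace and control characters in a scheme.
                cleaned = "".join(c for c in (value or "") if c > " ")
                match = SCHEME_RE.match(cleaned)
                scheme = match.group(1).lower() if match else ""
                if scheme not in SAFE_SCHEMES:
                    self.findings.append(("url", f"{tag}[{name}]={scheme}:"))


def audit_reader_output(html):
    """Return a list of (kind, detail) findings; empty means nothing active."""
    auditor = ActiveContentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed samples: one clean result, one where sanitization missed things.
CLEAN = ('<article><h1>Title</h1><p>Text <a href="https://example.org/x">link</a>'
         ' <img src="/img/a.png" alt=""></p></article>')
LEAKY = ('<article><p onclick="track()">Hi</p>'
         '<a href=" JavaScript:void(0)">more</a><script>init()</script></article>')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("leaky", LEAKY)):
        print(label, audit_reader_output(sample))
```

Run over a corpus of transformed pages, a check like this works as a regression test for the sanitizer; an empty result only covers the listed vectors, so it does not show the output is free of active content.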

Post by Skalman »

Okay, I'll simply enable it myself, since I trust it. Thanks for your explanations.
Mozilla/5.0 (X11; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0

Post by Thrawn »

Is reader mode intended to be 100% no-active-content? If so, then is it worth adding an ABE rule for defence in depth?

Site about:reader
Sandbox
Mozilla/5.0 (X11; Fedora; Linux i686; rv:37.0) Gecko/20100101 Firefox/37.0