While in 26.5 release, I can still easily disable websocket, in beta it seems impossible (just like newer FF releases).So, any plans to add this option ?
What are your plans, about an alternative to the current XSS filter ?
Two quick questions
-
Moonchild
- Pale Moon guru
- Posts: 35636
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Two quick questions
Why do you want to disable websockets? It's a widely-used technology and integral to HTML5.
There are currently no plans for an active XSS filter in the browser. If we want to re-implement it, we need help from the original author of the XSS filter (or someone else with a similarly efficient solution that can be integrated).
There are currently no plans for an active XSS filter in the browser. If we want to re-implement it, we need help from the original author of the XSS filter (or someone else with a similarly efficient solution that can be integrated).
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
dark_moon
Re: Two quick questions
Because websocket can breach a firewall and make a lot of other security problems in the past.
So a big security feature from Pale Moon have (currently) no future? Thats bad
I hope the original author help.
So a big security feature from Pale Moon have (currently) no future? Thats bad
I hope the original author help.-
superA
Re: Two quick questions
What dark_moon said.
Its a huge security/privacy risk, a lot of third party deliver adds and use websocket connections to leak information.
It was removed from FF, in 35 release I think, for some kind incompability with ''hello'', now is hardcoded.
A couple of addons in AMO, claimed that they can disable websocket, they are all jokes.
It's a big benefit for Pale Moon, that a user can disable websocets, please cosinder not taking that choise away.
Its a huge security/privacy risk, a lot of third party deliver adds and use websocket connections to leak information.
It was removed from FF, in 35 release I think, for some kind incompability with ''hello'', now is hardcoded.
A couple of addons in AMO, claimed that they can disable websocket, they are all jokes.
It's a big benefit for Pale Moon, that a user can disable websocets, please cosinder not taking that choise away.
-
dark_moon
Re: Two quick questions
I also try that addon but it doesn't work nor create the entry to enable/ disable in dev tools
https://addons.mozilla.org/en-US/firefo ... -disabler/
The addon install if i add Pale Moon GUID but yea it doesn't work in PM 27 beta 2 nor in beta 1.
Site to websocket support: http://websocketstest.com/
https://addons.mozilla.org/en-US/firefo ... -disabler/
The addon install if i add Pale Moon GUID but yea it doesn't work in PM 27 beta 2 nor in beta 1.
Site to websocket support: http://websocketstest.com/