Bug 1725487 Comment 10 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

We don't have numbers to be able to tell how common it is to create a bookmarklet by dragging to the toolbar, so it's hard to tell whether this breaks many or not. If we disallow it, we still provide ways to do it, maybe not as quickly but still decent.

I'm also not a fan of confirm/warning dialogs. If we introduce a warning dialog, users that don't use bookmarklets should always refuse, while users that use them would probably not want to see it every time, and will need the usual "don't ask me again" management. It doesn't sound like a nice experience for any of the sides.

Thus, I see 2 potential alternatives:
1. Just disallow creating a bookmarklet by dropping a js url. Users will have to pick Add Bookmark.
2. When dropping a js url, after creating the bookmarklet, open the Add Bookmark dialog for it. This will keep the feature, adding one additional confirmation step that shows the url. We could add an inline warning in the dialog itself under the Location field, to clarify bookmarklets may be dangerous. We'll need proper message and styling for that. Note we must add the bookmark first for technical reasons, but I am filing an Outreachy proposal to change this behavior, so that we create bookmarks AFTER showing the dialog.

I'd probably go for 2, because it sounds like it may have potential to also resolve bug 371923: the inline warning, if made visible enough, would work as a confirmation hint.

wdyt, would this address our sec concerns?

We don't have numbers to be able to tell how common it is to create a bookmarklet by dragging to the toolbar, so it's hard to tell whether this breaks many or not. If we disallow it, we still provide ways to do it, maybe not as quickly but still decent.

I'm also not a fan of confirm/warning dialogs. If we introduce a warning dialog, users that don't use bookmarklets should always refuse, while users that use them would probably not want to see it every time, and will need the usual "don't ask me again" management. It doesn't sound like a nice experience for any of the sides.

Thus, I see 2 potential alternatives:
1. Just disallow creating a bookmarklet by dropping a js url. Users will have to pick Add Bookmark. This removes some coherence from the bookmarking system and may break user expectations.
2. When dropping a js url, after creating the bookmarklet, open the Add Bookmark dialog for it. This will keep the feature, adding one additional confirmation step that shows the url. We could add an inline warning in the dialog itself under the Location field, to clarify bookmarklets may be dangerous. We'll need proper message and styling for that. Note we must add the bookmark first for technical reasons, but I am filing an Outreachy proposal to change this behavior, so that we create bookmarks AFTER showing the dialog.

I'd probably go for 2, because it sounds like it may have potential to also resolve bug 371923: the inline warning, if made visible enough, would work as a confirmation hint.

wdyt, would this address our sec concerns?
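As an added illustration, not code from the bug or from Firefox, here is a small helper that classifies a dropped URL with the WHATWG URL parser (so a javascript: scheme is still recognised with leading whitespace, mixed case or embedded tabs) and maps it onto the two alternatives discussed above; the function names, the `policy` switch and the returned action fields are assumptions.

```javascript
// Added example: decide how to handle a URL dropped on the bookmarks toolbar.
// The action names and the "policy" switch are hypothetical; they model the two
// alternatives from the comment, not Firefox's actual bookmark drop handling.

// Returns true when the dropped text is a javascript: URL, i.e. a bookmarklet.
// The WHATWG URL parser is used instead of a naive startsWith() check because
// it strips leading/trailing C0 controls and spaces, removes embedded tabs and
// newlines, and lowercases the scheme; a plain prefix check misses all of those.
function isBookmarkletUrl(text) {
  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return false; // not a parseable absolute URL, so not a bookmarklet either
  }
  return url.protocol === "javascript:";
}

// policy "disallow" = alternative 1: refuse javascript: drops outright, the
//                     user has to go through Add Bookmark instead.
// policy "confirm"  = alternative 2: add the bookmark, then open the Add
//                     Bookmark dialog showing the Location with an inline warning.
function handleDroppedUrl(text, policy = "confirm") {
  if (!isBookmarkletUrl(text)) {
    return { action: "add-bookmark", showDialog: false, inlineWarning: false };
  }
  if (policy === "disallow") {
    return { action: "reject", showDialog: false, inlineWarning: false };
  }
  return { action: "add-bookmark", showDialog: true, inlineWarning: true };
}

// Constructed sample inputs, including spellings a prefix check would miss.
const SAMPLES = [
  "https://example.com/",
  "javascript:void(0)",
  "  JavaScript:void(0)",
  "java\tscript:void(0)",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", handleDroppedUrl(s));
}
```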
