656544 - Make all of Scratchpad's keyboard shortcuts more intuitive.

Status: RESOLVED DUPLICATE of bug 657131

(DevTools :: General, defect)

Description

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

Bug 656330 wants Execute's shortcut changed to Ctrl/Cmd + Enter, to match Firebug's shortcut. Ctrl+T is already used in the browser for making new tabs, so I don't think it should be used for "execute potentially dangerous/malicious code in the context of a webpage".

Inspect's shortcut is Ctrl/Cmd + I, which makes sense. DOM Inspector's global shortcut is Ctrl-Shift-I, so "Inspect" -> I is good.

Why Print's shortcut isn't Ctrl/Cmd + P, I have no idea. Ctrl-R is reload.

Comment 1

[Cameron McCormack (:heycam)]

Relatedly, when the Scratchpad window is focused on Mac, the menu bar changes drastically.  Many menu items disappear.  Focusing the Scratchpad window should do the same thing to the menu that, say, focusing the Downloads or Bookmark Manage window does (keep most menu items enabled, disable the ones that don't make any sense, but don't remove any of the top level menus).

Comment 2

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

Attachment: change the keys for execute and print commands

This patch changes the keys for the execute and print commands.

Print goes to "p", and execute goes to "e". (I don't know how "enter" would work for this, so I went with "e" because it was easy, and I didn't feel like starting up a local build to try it at this hour.)

This also switches the order of key vs accesskey so that the entire file always goes like this:
label
key (or commandkey)
accesskey

Because the inconsistency was confusing me as I was trying to change the various items.

(There's still some inconsistencies in the case used for the various keys/accesskeys. Do they make a difference? Paste's accesskey is "P", while Print's is "p", and they're both in the Edit menu.)

Comment 3

[Rob Campbell [:rc] (:robcee)]

hi.

I understand the confusion and have asked Limi for some UX feedback on what's best to do here. In the mean-time, I'll explain the rationale for picking the keys we did:

execuTe: Originally picked E, but that conflicts with Ctrl-E (end-of-line) in Linux. X and C are both clipboard standards. That left U or T.

pRint: Cmd/Ctrl-P is Print file. To the Printer. In the Scratchpad, the context menu 'Print' command evaluates the selected text and dumps the result into the scratchpad window. Other options, i (see below), n (new window) or t (see above).

Inspect: This is the only one of the three that makes clear sense.

Personally, I think Cmd/Ctrl-T works just fine for execution. Cmd/Ctrl-R is reasonable enough for printing output. People can get used to those keys with use.

I saw Jesse's screed last night in #developers and I think, '... I don't think it should be used for "execute potentially dangerous/malicious code in the context of a webpage".' was a result of that. If you're evaluating "dangerous or malicious" code in the Scratchpad, you probably shouldn't have put it there in the first place.

Comment 4

[Rob Campbell [:rc] (:robcee)]

(In reply to comment #1)
> Relatedly, when the Scratchpad window is focused on Mac, the menu bar
> changes drastically.  Many menu items disappear.  Focusing the Scratchpad
> window should do the same thing to the menu that, say, focusing the
> Downloads or Bookmark Manage window does (keep most menu items enabled,
> disable the ones that don't make any sense, but don't remove any of the top
> level menus).

Interesting point, Cameron. Limi, what do you think?

Comment 5

[Shawn Wilsher :sdwilsh]

(In reply to comment #1)
> Relatedly, when the Scratchpad window is focused on Mac, the menu bar changes
> drastically.  Many menu items disappear.  Focusing the Scratchpad window should
> do the same thing to the menu that, say, focusing the Downloads or Bookmark
> Manage window does (keep most menu items enabled, disable the ones that don't
> make any sense, but don't remove any of the top level menus).
I think this belongs in a separate bug, fwiw.  I think I missed that in review (there's an overlay we should be applying here).

Comment 6

[Jesse Ruderman]

> If you're evaluating "dangerous or malicious" code in the Scratchpad, you 
> probably shouldn't have put it there in the first place.

Sure, let's solve this at a level other than keyboard shortcuts within the Scratchpad window.

How are users supposed to figure out that "the Notepad-like window that appears when I press F4" is a dangerous place to paste text?  cf http://www.barracudalabs.com/wordpress/index.php/2011/05/10/facebook-is-infested-with-cut-and-paste-javascript-survey-scams/

> pRint: Cmd/Ctrl-P is Print file. To the Printer. In the Scratchpad, the
> context menu 'Print' command evaluates the selected text and dumps the
> result into the scratchpad window.

I had not figured this out. Maybe the command should be renamed to "Evaluate selected text".

There aren't a whole lot of Cmd key shortcuts that aren't (1) reserved for editing or window management or (2) destructive if you accidentally press them with the content window focused instead of the Scratchpad.  DHBJKLPUI are the ones I can think of.  "U" would work fairly well for "Evaluate selected text", I think.

Comment 7

[Rob Campbell [:rc] (:robcee)]

(In reply to comment #5)
> (In reply to comment #1)
> > Relatedly, when the Scratchpad window is focused on Mac, the menu bar changes
> > drastically.  Many menu items disappear.  Focusing the Scratchpad window should
> > do the same thing to the menu that, say, focusing the Downloads or Bookmark
> > Manage window does (keep most menu items enabled, disable the ones that don't
> > make any sense, but don't remove any of the top level menus).
> I think this belongs in a separate bug, fwiw.  I think I missed that in
> review (there's an overlay we should be applying here).

agreed. Filed bug 656701.

(In reply to comment #6)
> > If you're evaluating "dangerous or malicious" code in the Scratchpad, you 
> > probably shouldn't have put it there in the first place.
> 
> Sure, let's solve this at a level other than keyboard shortcuts within the
> Scratchpad window.
> 
> How are users supposed to figure out that "the Notepad-like window that
> appears when I press F4" is a dangerous place to paste text?  cf
> http://www.barracudalabs.com/wordpress/index.php/2011/05/10/facebook-is-
> infested-with-cut-and-paste-javascript-survey-scams/

We could add some scary-sounding warning to the placeholder text (which I think we should convert to a real JS comment in the text area so people can actually see it when they've focused the text area).

It sucks that we have to make our developer tools uglier because of social engineering scams, but we should definitely protect people from that kind of thing. "Hit F4, paste this text and hit Cmd-T" sounds like an easy bit of boilerplate to add to a facebook scam.

> > pRint: Cmd/Ctrl-P is Print file. To the Printer. In the Scratchpad, the
> > context menu 'Print' command evaluates the selected text and dumps the
> > result into the scratchpad window.
> 
> I had not figured this out. Maybe the command should be renamed to "Evaluate
> selected text".

Well, each of those three execution types "Evaluate selected text". The menu items describe what to do with the results of that evaluation. Execute just does it, Print dumps the output to the scratchpad, and Inspect opens an object inspector on it.

> There aren't a whole lot of Cmd key shortcuts that aren't (1) reserved for
> editing or window management or (2) destructive if you accidentally press
> them with the content window focused instead of the Scratchpad.  DHBJKLPUI
> are the ones I can think of.  "U" would work fairly well for "Evaluate
> selected text", I think.

Or "Execute" I guess. I'm anxious to hear Limi's recommendations on this.

Comment 8

[Brendan Eich [:brendan]]

Do we have any evidence that warnings mitigate social engineering attacks?

/be

Comment 9

[Daniel]

how about R for "run" to execute the command and then choose another key for print?