Bookmarklet requires permission for EVERY site it is run on
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: therubex, Unassigned)
Details
Attachments
(2 files)
FF Everything 78, allow once, works everywhere.png
Bookmarklet requires permission for EVERY site it is run on
Everything (search) allows you to set up a "URL protocol", es.
Doing so allows you to do something like highlight text on a web page in a web browser, & perform a search for that in Everything.
A bookmarklet can be used for that purpose:
javascript:Qr=document.getSelection();if(Qr)location.href='es:'+(Qr);void(0)
This has worked ever since Boris fixed things, https://bugzilla.mozilla.org/show_bug.cgi?id=1478037#c21.
And it still works - EXCEPT that where before, you said "Allow ES" - once, & it worked everywhere, now (at least since FF 88, possibly before (?), but after FF 78), its' "Allow" is only on a per site basis.
So now, you have to (potentially) "Allow ES" for (essentially) every site you visit.
And that, is simply lousy from a UX perspective.
(Granted, you don't necessarily need to actually "Always allow" any site, necessarily, but you then need to answer the "Open Link" prompt each & every time [& that is after the forced delay, too]. And that also sucks from a UX perspective.)
Everything, https://www.voidtools.com/
Everything URL protocol, https://www.voidtools.com/support/everything/options/#general
|
||
Comment 2•2 years ago
|
||
The problem here is that the bookmarklet script is running in the context of the page itself, which means that every time you allow opening the link, you allow the site itself to load URLs for that protocol, which can be risky. It would be safer to do this via an extension rather than a bookmarklet, in which case the load could be allowed for the extension without leaking privileges to arbitrary sites.
Description
•