Sugar Labs

Talk:Features/Social Help: Difference between revisions

← Older editNewer edit →
Line 33: Line 33:
The embedded browser used by this feature does not show an entry box for the URL.  This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.
The embedded browser used by this feature does not show an entry box for the URL.  This removes one of the critical security features of web browsers; the ability to verify that the site you are visiting is the right one, and you haven't been redirected to another.


Are there any controls in place to mitigate this? Such as restricting the browser to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:19, 26 May 2015 (EDT)
It is possible to escape the configured server; log in, click on search icon, click on help, a search via Google entry box is shown, and the Google search results can be navigated. There is no back button, so if you reach a page that has no links you must close help and open it again.
 
Should the browser be restricted to the configured server. --[[User:Quozl|Quozl]] ([[User talk:Quozl|talk]]) 21:31, 26 May 2015 (EDT)


References:
References:
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://www.infoworld.com/article/2923879/security/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html
* http://en.wikipedia.org/wiki/Spoofed_URL
* http://en.wikipedia.org/wiki/Spoofed_URL
Retrieved from "https://wiki.sugarlabs.org/go/Talk:Features/Social_Help"
Return to "Features/Social Help" page.