Closed Bug 703185 Opened 14 years ago Closed 14 years ago

Block extensions from contenteditable nodes

Categories

(Core :: DOM: Editor, enhancement)

Product:
Core
Component:
DOM: Editor
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: megabyte, Unassigned)

References

Details

Some extensions edit page content directly, such as Skype adding clickable links to phone numbers, or more malicious extensions adding text link ads. This can have especially negative effects on contenteditable nodes with content that is saved to a server. For example, if somebody who has the Skype extension installed edits a wiki page that has a phone number, a bunch of garbage is then saved to the server. Since it is not feasible to have the server clean up markup intended for the client that was not intended to be saved, such nodes should be blocked from extension access, or limited by a permission setting. The case where a node becomes editable should be handled as well.
Blocks: contenteditable
There is really nothing that we can do on our side for this. Extensions have the responsibility of honoring contenteditable settings, and we can't block them from using the DOM APIs to add things to the DOM while something in the document is editable.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.