Summary: | securing web inspector server by notifying user for remote web inspector connection ( allow or disallow) | ||
---|---|---|---|
Product: | WebKit | Reporter: | jaybhaskar <jay.bhaskar> |
Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW --- | ||
Severity: | Normal | CC: | ankit.a1, monil.parmar |
Priority: | P2 | ||
Version: | 528+ (Nightly build) | ||
Hardware: | Unspecified | ||
OS: | Linux |
Description
jaybhaskar
2014-01-09 20:33:18 PST
The non intentional users who are not aware of remote web inspector will not set env variable to run inspector server i agree, but it is possibility that env variable can be set before ruing webkit based browser in shell and without user permission user's webpage may be inspected remotely. enabling the feature through an environment variable is not ideal. We could ask the user for the consent whether to establish the connection or not for the remote webInspector connection |