I know that I can get a page to appear as a panel via the "Show in
panel" bookmark option, but is it possible for such a panel to access
the DOM of the content loaded in the main tab/window?

--
Spartanicus

Op Tue, 30 Jan 2007 15:54:10 +0100 schreef Spartanicus  
<inva...@invalid.invalid>:

Nope. That would be very cool, but also dangerous (XSS).

--
Rijk / Opera Software ASA / QA etc

"We hereby honor Opera with our Han and Chewy Award for Innovation and  
Harebrained Experimental Goodness"
http://www.wired.com/news/technology/software/0,72360-0.html

"Rijk van Geijtenbeek" <r...@opera.removethiz.com> wrote:

Would allowing this only if the resource used as a panel is located on
the local file system make a difference to that risk?

When writing markup I have FF open next to Opera purely for a FF
extension that generates a document outline from the header structure
and displays it in the FF sidebar.

--
Spartanicus

Spartanicus schrieb:

That leaves the question: where did you get this resource on your local
file system, that you use as panel? Wrote it yourself, downloaded it
somewhere? If downloadet, who garantees that the site offering this cool
feature you want as panel didn't put anything evil in it?
If you wrote it yourself: how does Opera distinguish between anything
you wrote yourself (=safe for XSS as you know what it does) and things
you downloaded, and which are potentially bad?

Martin, just guessing
--
ICQ: 76384978

C.H.E.R.R.Y.:
Cybernetic Humanoid Engineered for Repair and Rational Yardwork

Op Tue, 30 Jan 2007 18:39:13 +0100 schreef Martin 'Cherry' Kirsch  
<mar...@kirschen.org>:

Indeed. It might be feasable, IMHO, only if you get a very clear warning  
before adding a panel. Currently it is very easy to add a panel, but with  
XSS capabilities you should treat this with the same cauton as in  
installing an executable.

--
Rijk / Opera Software ASA / QA etc

"We hereby honor Opera with our Han and Chewy Award for Innovation and  
Harebrained Experimental Goodness"
http://www.wired.com/news/technology/software/0,72360-0.html

On Tue, 30 Jan 2007 18:39:13 +0100, Martin 'Cherry' Kirsch <mar...@kirschen.org> wrote:

Is that significantly different from installing any other software?
Following your argument to its logical conclusion, the operating
system should refuse to allow any program to run because it doesn't
know whether you wrote it yourself or installed it from elsewhere.

At some point you have to be able to say "I know what I'm doing", and
installing an application on your local disk is a good way of showing
that you trust it. If I download a binary and install it somewhere I
don't expect the system to step in and say "I'm not going to let you
run that because it could be dangerous", so why should it be different
for scripts in web pages? If I'm stupid enough to save something from
warez.virussite.com that's my lookout, and if I'm stupid enough to
do that then I'll probably have killed my system with compromised
software long before I get around to installing Opera.

Perhaps the opera: protocol could be used to refer to a local area in
which judged-to-be-safe files are held. If I specify a URL in the form
<opera:safe/myfile.html> Opera will trust the page completely and
allow it to do anything. For added safety downloads direct to that
directory tree would be prohibited, forcing the user to go through the
same sort of save-then-install procedure used for normal applications.

--
Matthew Winn
[If replying by email remove the "r" from "urk"]

On Tue, 30 Jan 2007 17:16:45 +0200, Rijk van Geijtenbeek  

And how would you know that so for certain?
http://people.opera.com/rijk/opera/userjs.html#notes
"Please don't expect me to explain specific functions,
because I'm not a proficient JavaScripter myself."
Read it ^^^^^^^^^^^^^^^^^^^^ loud.

This is the functionality I am asking for last 6.5 years.

If you still dont understand, the communication between panel and "tab  
window" can be restricted in ways,
that "tab window" COULD NOT CALL METHODS AND COULD NOT ACCESS VARIABLES OF  
PANEL.
But you talk your XSS voodoo, and axe the great functionality with FUD and  
scare people off.

You cant have vision if you dont have passion.
Working in software industry for money is a bitch.
Try engineering isntead of being forever QA.
QA doesnt create new things.
Working on other persons bugs and code misbreedings cools passion off.
Dont belive everything they tell you out of their own convenience "'t  
can't be done"...

Instead of creating panel as a useful item, Operasoftares engineer pervs  
coined what?
THE WIDGEEEETS!
I even saw a video with Jon S. von Tetzchner where he was interviewed  
around time when Opera 9 released and he was like tricked to be happy and  
proud to say that like Widgets are somewhat similar as Firefoxes  
extensions...

PR people dont manufacture anything but void words.
Widgets are atm pure crap.
Why they are crap - that can be read from some of my other news postings.
The point of having panels or "side bar" as it is called in FF is that it  
SHOULD PROVIDE ADDITIONAL VALUE AND SERVICES. For example take a whatever  
news portal - HOW A ABOUT OF PANEL THAT WOULD DISPLAY LINKS TO THE RELATED  
STORIES (not limited to that news portal but also links to other news  
portals ) I HAVE MADE ASSOCIATIONS WITH? But to do that you need panel to  
obtain URL of the "main tab".
Or what about Panel that would search webpages text and compare it against  
person names in your personal database, assuming the panel is a webiste  
originating from local Apache/IIS whatever web server.

If such easy panel-communication would be made possible, it would open up  
a path for many new applications to rise. The concept of browser as  
information gathering tool with database backend would make its first  
steps in mainstream.

Also the sidebar can not provide ANY ADDITIONAL USEFUL contextual value if  
the XmlHTTPRequest is limited to communicate with the host the panel  
originates from. Somehow the useless widgets can communicate to different  
hosts, but panels can't... THERE IS NO LOGICAL EXPLENATION FOR THAT!
Now Rijk once said that widgets have different security context or  
subsystem or I dont recall exactly what it was exactly, but the point is  
WHY THEN THE PANELS COULDNT HAVE THAT DIFFERENT CONTEXT?
No answer...

--
Marek Mänd
Tallinn, Estonia