• Michael Catanzaro's avatar
    Remove auto-open downloads feature · a41416c9
    Michael Catanzaro authored
    This is inherently unsafe because a webpage can download a malicious
    file without user interaction, and trust it will open automatically in
    a vulnerable application.
    
    We will continue to download files automatically, despite the various
    Chrome hacks from last year proving that this can be abused via tracker
    and GNOME desktop thumbnailers. Tracker now mitigates this risk using
    libseccomp, and GNOME desktop thumbnailers are now run under bubblewrap.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=794681
    a41416c9
ephy-download.c 23 KB