2010 Feb 27, 10:06A web browser add-on security research paper that describes the Google Chrome security model. "We propose a new browser extension system that improves security by using least privilege, privilege
separation,
and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability.
Our design has been adopted as the Google Chrome extension system."
security design google chrome firefox addon plugin web browser technical research adam-barth system:filetype:pdf system:media:document 2009 Aug 18, 4:19
Before we shipped IE8 there were no Accelerators, so we had some fun making our own for our favorite web services. I've got a small set of tips for creating Accelerators for other people's web
services. I was planning on writing this up as an IE blog post, but Jon wrote a post covering a
similar area so rather than write a full and coherent blog post I'll just list a few points:
- The first thing to try is looking for developer help for the web service, specifically if there's a REST-ful URL based API. For example, Bing Maps has great URL API documentation that would
be enough to create an Accelerator.
- The Accelerator XML is very similar to HTML forms. If you can find an HTML form for the web service for which you want to create an Accelerator, you can view the HTML source and create an
Accelerator based on that.
- I created the FormToAccelerator extension based on the previous idea. You can
use the extension to create an Accelerator from an HTML form, or just use it to create the start of one and edit it manually after.
- If the page doesn't use an HTML form, you can start up an HTTP debugger like Fiddler, use the web service from the normal web
page, and then in Fiddler see if you can find a REST-ful looking URL you can use.
- When looking to create a preview for your Accelerator, see if the web page for the web service has a mobile version or a version that's intended to embed in other web pages via an iframe. On
this same line, iPhone apps make great Accelerators usually with lovely previews.
- If there's no mobile or embeddable version and the only thing wrong with the normal web page for the web service is that the useful information doesn't fit in the preview window then see if you
can find an HTML tag with a name or id near the useful information, and stick a '#' fragment pointing to that tag onto the preview URL template.
- Without a reasonable REST-ful API you can use a combination of Google's "site:" and "I'm Feeling Lucky" to find the most relevant page on a particular site.
- The value of a name and value pair need not consist of only a single Accelerator variable. You can get creative and put other text in there. For instance, I implemented a Google currency conversion by setting the query to "{selection} in US Dollars".
technical accelerator ie8 ie
Some rights reserved