The proper way is to have an actual link but to override the behavior to navigate within the SPA. So if you click it, the navigation will be within the SPA but if you ctrl+click it, the browser takes over and opens the underlying link in a new page.
Typical issue is when a developer forgets to make it an actual link, but only inclides the SPA navigation.
Agreed, I was only suggesting to use Grayscale to cover all types of color-blindness and to encourage creating UIs that are independent from any color as it's a bad habit in general. It's easier to remember to not rely on any color rather than just red-green.
Living in Ulaanbaatar Mongolia for some time I experienced temperatures of -20 -30 -40 Celsius. Every ten degrees lower I thought it was going to be the same, but was I wrong.
My most notable discovery was when I wanted to jump start my car, because the battery died due to the cold. I was about to bring out my jumper cables when my local friend told me to bring the cables inside first.
I didn't understand why and naively ignored what he said only for the rubber jumper cables to literally crumble in my hand, breaking as I tried to straighten them.
Mongolians are so resilient and have so much knowledge on how to survive in extreme weathers with a simple yurt and a livestock of 100 sheep goats and horses.
> love a tool to see which tabs are talking with each other also
Cool idea but probably not that useful and difficult to accomplish. There are many ways to communicate that could be grouped into:
1. tab -> tab (same domain)
2. tab -> tab (different domain)
3. tab -> server -> tab
For #1, there are so many ways to transfer information it would be hard to detect and differentiate whether it's communication or just happens to be using the same resource. (e.g. one sets a cookie or local storage and the other one reads it)
For #3, it would be impossible to detect. Especially if detection is an issue, both tabs could be communicating with unrelated servers which talk with each other.
For #2, it would be the only interesting one as there is limited options (e.g. Broadcast Channel), but at the same time I assume rarely used in practice. And if detection is an issue, they would switch to #3 to avoid it.
Thank you "dz2742" for finding out [1] existing connections including websockets are not terminated and has won 100 USD! This is exactly the type of exploit I was hoping to catch.
Now I have to figure out how to fix that :) And also think about refilling the bug bounty pool without becoming very poor very soon.
The Contextual Identity API indicates that it's supported [1] in Firefox for Android so will need see how usable it is. I was planning on testing my extension on Android soon.
Looking into it more, there is an open request to complete the work in Android Firefox [2] and also to make the MAC extension for Android too [3]
The only minor counter-argument would be laziness as a security threat: the more difficult you make the process, the more likely the user will skip seemingly useless steps, thus compromising security.
> built in permission to disable AJAX after page load
Interesting, but consider this is a cat-and-mouse game. If you are the only one using this trick it may work for you, but I assume would be easy to overcome. (e.g. keep the page loading forever or until ads are loaded. Have the ads be J-free after page load, ...)
> website could play background music ... another tab could listen
You would need mic access from the other tab, but yes. If you send it over high enough frequency you wouldn't even hear it. You would just have a visual feedback that the tab is playing music.
On a side-note, I recall there was some kind of hardware device pairing (maybe Chromecast?) that used data over voice to establish that you are physically near the other device.
> Chrome's profiles are actually superior due to ability to have different extensions and history per profile
Interesting attack vector I haven't thought about which could leak information out of a network-locked Firefox Container. It would be under an assumption you have either:
1. A malicious extension installed (you have a much worse problem in this case)
2. A side-effect of an existing extension that leaks information to the outside world. (e.g. translate a part of a page, lookup a word in a dictionary, pre-fetch some images...)
> Firefox's containers are only useful if you want multiple logins
I think there are valid use cases for both Containers and Profiles. You can go down the list to have more and more isolation as needed:
- Grouping tabs to stay organized, no isolation
- Firefox containers, same browser window, shared history & extensions
- Chrome profiles, almost complete isolation within same browser (different processes)
What actually triggered my idea was a recent DNaaS HN post [1] that tells you your expected life expectancy and other cool facts based on your country and birthdate which I was reluctant to input my actual birthday.
Yes! Chrome has a visually similar functionality to Firefox Containers hidden away behind a feature flag [1] at the moment. BUT under the hood it's simply just tab grouping with no isolation. I presume isolation is against Google's interests so we will never see this kind of feature.
As for Firefox's API, the Contextual Identities API [2] that allows you to create/delete containers is amazing and easy to work with as a dev. And it works out-of-the-box, it doesn't need the companion addon Multi-Account Containers (MAC) [3] which really should've been part of Firefox in my opinion.
Agreed, and to be honest, this extension is more for myself as I would be extremely skeptical if someone else made it especially with the permissions it requires.
It would probably be more successful as a feature added to an existing trusted extension such as Temporary Containers.
Yes, in addition to deleting all browsing data (maybe in a private window) for that site prior to re-enabling internet otherwise the site could store information locally and transmit it once online.
After covid I lost my sense of smell, and for almost 2 years my smell only recovered to about 5% of my original.
Honestly, I thought about it and I'm perfectly fine not being able to smell for the rest of my life. On the flip side, I'm actually happy I'm not impacted by unwanted smells in my environment.
Having smelt before, I don't miss it, but if I was born without it I would always wonder. Well let me tell you there's not much to miss.
The proper way is to have an actual link but to override the behavior to navigate within the SPA. So if you click it, the navigation will be within the SPA but if you ctrl+click it, the browser takes over and opens the underlying link in a new page.
Typical issue is when a developer forgets to make it an actual link, but only inclides the SPA navigation.