
Firefox 6 for web developers - tbassetto
http://hacks.mozilla.org/2011/08/firefox6/
======
yan
"For security reasons, data: and javascript: URIs no longer inherit the
security context of the current page when the user enters them in the location
bar; instead, a new, empty, security context is created. This means that
script loaded by entering javascript: URIs in the location bar no longer has
access to DOM methods and the like, for example. These URIs continue to work
as before when used by script, however."

Good bye bookmarklets?

~~~
simonw
Sounds smart. It's extremely easy to get an unsophisticated user (heck, any
user who isn't a web developer) to paste a random string of junk in to their
URL bar - and doing so is a very nasty XSS vector that works no matter what
precautions a site's developers have taken.

I'm sure I've heard of this attack being used successfully on Facebook, spread
through messages that say "paste this in to your URL bar to get X".

~~~
re
So those messages will say "press [whatever key combo activates the console]
and paste this text there for a funny video" instead?

~~~
pbhjpbhj
Or possibly "drag this link to the toolbar and click when on any page on
Facebook to see which of your friends is viewing that page" or whatever.

------
gchucky
> WebSockets are back!

I have a feeling that's going to make a lot of people very happy. Good to see
that they were able to solve the security issues.

~~~
JoshTriplett
Server-sent events seem awesome as well. Open a connection to the server, let
it stream you events, and each one generates a Javascript event.

~~~
PedroCandeias
It's hard to believe it's 2011 and there's still no standard way of sending
data from a server to a browser other than ajax and comet trickery.

This sounds like a step in the right direction.

------
hendler
Happy about websockets.

But mostly excited for FF 7 with the memory management improvements.
[http://blog.mozilla.com/nnethercote/2011/08/09/firefox-7-is-...](http://blog.mozilla.com/nnethercote/2011/08/09/firefox-7-is-
lean-and-fast-2/)

Firebug needs a manual update. see <http://getfirebug.com/downloads>

[edited to add firebug link]

Learned that

~~~
mixmastamyk
Meh, I've been using FF8 nightly for a few weeks and the memory improvements
are modest at best. I just had to restart my browser because it got up to
650mb even after closing tabs.

~~~
tbassetto
It may be caused by poorly written extensions and/or extensions "forced" to be
compatible with nightlies.

------
ck2
Thanks for adopting the existing "standard" for touches, now I can remove some
of the extra code I had for F4 mobile.

~~~
mbrubeck
Awesome! Please let us know if you find any problems with the touch events in
Fx6 mobile. (You can contact me directly at mbrubeck@mozilla.com or file a bug
at bugzilla.mozilla.org under the "Fennec" product.)

------
dbingham
I think my favorite part is that they've finally added an auto-update feature.
If you open about Firefox, it checks to determine whether or not you're up to
date. Especially if they're going to be bringing out frequent releases, I
don't want to be constantly reinstalling Firefox.

~~~
brown9-2
That's been there for a while - I'd prefer if they would silently update the
browser in the background and active it on the next restart, just as Chrome
does.

I hate being told that Firefox 5.0 or 6.0 is out, only to find out that there
are barely any major changes in this seemingly major version. If you want to
release more often and make it a more seemless process, the app should stop
announcing each new version like a major release.

~~~
bzbarsky
The app doesn't announce each new version unless you have add-ons that are
incompatible with the new version (in which case you get a dialog telling you
so), last I checked.

It does tell you that it's applying an update when you do the update startup,
so far. That's likely to go away as well.

------
bzbarsky
It'll be interesting to see whether sites start using the CSS auto-hyphenation
features....

------
jfoucher
That's good, but what I really want to know is "Will Firebug still work after
I upgrade?"

~~~
mbrubeck
Yes: <https://getfirebug.com/downloads/>

------
jdelsman
Server sent events and WebSockets are the +1 for me!

------
mbrzuzy
I'm getting a download rate of anywhere from 4kb/s to 10kb/s for the download.
:'(

