
Which, as we know, is a rock-solid protection mechanism against these types of exploits. Everyone reads modal messages.

In order to get to that modal message, you first have to go and enable remote debugging, which is not something normal people would do. And in general, even though we can (and already have) come up with even more mitigations for the potential threat, the sad truth is that security and usability are fundamentally a tradeoff, so you have to strike a balance at some point.

And, I understand that. But, the drawbacks of the security implications of your development/developer browsers being thus weakened is, IMO, a decision heavily weighted in favour _against_ this feature.

Personally, I would love it. It would make my life easier to have a full IDE within a browser. However, I would never be comfortable with the security tradeoff and would never enable it.

Maybe turning on some kind of dev mode to enable the feature, and then keep the modals as well.

Fair enough. +1
