CQuirke’s Long View

Long lead times need long forward planning

IE Needs True "Blank" Page

Posted by cquirke on 19 May 2008

Technorati tags: , , , ,

In a malware-aware 21st century, IE really needs a true “NO home page” option, and not load an infectable .HTM file from a known filespec.

After all, if one wants to load a local .HTM as “home page”, perhaps to effect some scripting at the start of a browser session, then one can point to such a file as “home page”.  That is far clearer (“principle of least surprise”) than creating the impression of a “blank” home page that is not certain to be “blank”.

In other words, the “blank home page” option in IE8 should show nothing, and not load any file as the “home page”.  If IE8’s code requires something to chew on, then IE8 could spawn a fresh blank .HTM of random name from boilerplate code, and load that.

Please not let’s hear a lot of “mitigation noise” such as “an attacker would have to…” or “blah blah permissions” this, or “blah blah reduced user rights” that.  Non-existence trumps “security”!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: