author: aszlig <aszlig@redmoonstudios.org> 2017-04-19 08:55:48 +0200
committer: aszlig <aszlig@redmoonstudios.org> 2017-04-19 08:55:48 +0200
commit: 0c30def4952fb51ada4f5ebbe15f19b9846afc4a
tree: 1bc3f7acbf2ac668013da5d5be87311cbf42b331 /pkgs/beehive
parent: 180ba349bc9caa660ae411f2d8a58c91192af1e0

pkgs/santander: Whitelist webkitgtk2 for dwb

WebKitGTK+ has a bunch of security vulnerabilities:

  * WSA-2017-0002
  * WSA-2017-0001
  * WSA-2016-0006
  * WSA-2016-0005
  * WSA-2016-0004

We're using dwb in conjunction with this insecure version only for *one*
specific application with *one* specific web site, so the attack surface
is relatively low.

The main issue with this is that the plugin required for the Santander
page is based on NPAPI and most of the browsers out there do not support
NPAPI, except a few ones:

https://en.wikipedia.org/wiki/NPAPI#Browser_support

I've tried to embed the plugin within Midori but I couldn't get it to
work so far (Midori just says "No plugin available"), so I'm sticking
with dwb for now, because the other browsers listed here either have the
same problem (uzbl) or are simply too heavyweight.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'pkgs/beehive')
0 files changed, 0 insertions, 0 deletions