[tbb-dev] Current thoughts on tb-manual presentation

Matt Pagan matt at pagan.io
Wed May 28 16:34:52 UTC 2014

Mark Smith:
> On 5/27/14 10:47 PM, Matt Pagan wrote:
>> ...
>> 1) Replace the help desk email label in tor-launcher with a button,
>> which, when clicked, tells the user's system to open a local pdf file
>> with the system's default pdf viewer.
>> A con to this approach is that I don't know if it is even possible at
>> all; that is, I'm not sure if JS is capable of detecting what the
>> default application for a filetype is or, if it's not, I'm not sure it's
>> capable of just "opening a file" that needs to be opened with a
>> specific, local application.
> There are APIs inside Firefox for opening local files and "revealing"
> directories/folders.  It should be fairly easy to implement this option.
>> 3) Replace the help desk email label in tor-launcher with a button,
>> which, when clicked, opens a XUL window (like window.open) that contains
>> nothing but an iFrame which loads the the local index.html file (from
>> which the user can then navigate to all the other html pages because of
>> the manual's design)
>> con: ??.
>> This seems like a pretty possible thing to do right now. Is it? I could
>> not actually get my implementation of this idea even close to working,
>> but I also introduced a lot of new moving parts at once, and I'm still
>> getting the hang of debugging. This seems like it would be the most
>> user-friendly workflow of these various approaches.
> I agree this would be the most user friendly option.  It will also
> require the most implementation effort.  Basically, we need to build a
> XUL+HTML (or XUL+PDF) help viewer that does not allow users to "escape"
> and start accessing the network.

How salient are the risks of accessing the network if there are no
external links in the manual and the window is opened with arguments
similar to:

window.open("file://" + dir + "index.html", "_blank",


That is, why would escaping and accessing the network be a consideration
if the address bar, menubar, and toolbar aren't loaded?

Matt Pagan
PGP: 0xE9284418E360583C

More information about the tbb-dev mailing list