Security/Reviews/Firefox10/SyncDialogue

From MozillaWiki
Jump to: navigation, search

Items to be reviewed:

  • bug 675822 - First sync desktop status page with upload progress bar

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • people want to know more of what is happening in a visual manner
    • end of setup wizard now has a tab that has a progress bar of initial sync progress
    • can be closed without interfiering with sync
    • doing same thing on mobile (diff bug, different UI)
  • UX wanted tab not dialogue
  • same thing as add-ons manager or about:permissions

What solutions/approaches were considered other than the proposed solution?

  • modal dialogue is current and we could have extended but chose not to
    • want to enforce this is a background thing

Why was this solution chosen?

  • reasons above

Any security threats already considered in the design and why?

  • non-safe about dialogue as chrome privs are needed
    • web pages cannot open this
    • setup wizard opens this, session restore if user keeps it around
    • only UI flow is end of setup wizard when doing setup for sync
  • page causes nothing to happen
    • observers and prefs only, notifications are not new
    • sync service and engine manager are used to figure out progress
      • call into a jdm; part of main sync code

Threat Brainstorming

Conclusions / Action Items