Search by property

Jump to: navigation, search

This page provides a simple browsing interface for finding entities described by a property and a named value. Other available search interfaces include the page property search, and the ask query builder.

Search by property

A list of all pages that have property "Feature open issues and risks" with value "How much is this going to cost?". Since there have been only a few results, also nearby values are displayed.

Showing below up to 26 results starting with #1.

View (previous 50 | next 50) (20 | 50 | 100 | 250 | 500)


List of results

  • Security/Features/XSS Filter  + ( *<span style="color: grey; font-size:
    *[ON TRACK] Complete C++ implementation *[NEW] Test the feature in the Aurora channel to assess its compatibility with existing websites. *[NEW] Measure the average overhead of the filter? (Can we use telemetry to find this out?)
    re the average overhead of the filter? (Can we use telemetry to find this out?) )
  • Security/Features/Sandboxing of content processes  + ( *E10S is slow going, so only slow progress can be made *Threat model needed )
  • Services/Sync/Sync Setup Improvements Desktop  + ( *Should we wait until the desktop and mobile work is done before touching the copy and videos? )
  • Support/Firefox Features/Clean up user profile  + ( *Since OS X and Linux don't have installers, we don't have a way to trigger this process for them upon re-installation. The other use-cases are still valid though. )
  • Fennec/Features/a11y  + ( *Use PRD at [ htt
    *Use PRD at [] to identify, document (Bugzilla) and prioritize specific A11y features and requirements *Prioritize those features in our [ Mobile Priorities master list]
    &hl=en#gid=7 Mobile Priorities master list] )
  • OS X 10.7 support  + ( *
    * "[10.7] add resume support for Mac OS X 10.7 Lion" * "Support Lion User Interface Preservation" * "[10.7] Add Cmd+Opt+Q for "Quit and Discard Windows"
    dd Cmd+Opt+Q for "Quit and Discard Windows" )
  • Thunderbird Metro  + (1. Microsoft will be the only provider of
    1. Microsoft will be the only provider of Metro apps. Getting it through is going to be a problem. 2. Running an E-mail client with the suspend system is going to cause some annoyances to the users and developers. 3. How is a calendar going to be included? The calendar team will need to be brought in on this.
    r team will need to be brought in on this.)
  • Web Apps integration  + (;Current Blocking Issues * Need to figure
    ;Current Blocking Issues * Need to figure out testing situation for the install procedure and the webapp runtime * Need icon/URL for about:home * New about:home bounced in fx-team * UX polish needed for install UI. * UX decision needed: Post install message tells user where the app was installed OR the OS can show the user where the app was installed (or both?) ;Needs decision or clarification from Apps/Product/UX (ALL ANSWERED) * Need specification for what Firefox needs to do to install an app on Mac from Apps team. Tim/Dan/Myk putting it here: * UX (Boriss) has confirmed that there will not be a permanently visible Home Tab. Does this alter the user stories below? Do any assumptions by Product or Apps need to be re-evaluated in light of this? A: (JA) We will only keep the link to the market place on the home tab for FF13. * Should we open the dashboard after app install? Myk said "The doorhanger prompt seems reasonable and consistent with existing Firefox prompts for similar activities. But opening the dashboard isn't necessarily the right thing to do next. In the addon it feels clunky. It would be good to specify something else here." A: (JA) No. There is not dashboard because we are cutting Sync. * What is the default app opening behavior? Open as app tab? Open full-screen? Customizable? If the app is already open, open new one or activate the existing one? A: (JA) The app is only installed natively so native is the only way to open. If app already open it should reactivate the open app window. * About "Manual Install button on page that triggers Firefox install flow". Myk asked "Does it mean Firefox would add a button to the content of a page that offers an addon? Or simply that a page can display UI for installing an addon? The former feels underspecified and raises thorny questions that someone from the UX team should work through. The latter is just the natural consequence of having the mozapps API." A: (JA) Do not understand this question. Feels out of scope. * "App launchers must be able to update their appearance" - This is a web-side feature, so doesn't belong here, correct? A: (JA) Not sure why appearances would need to be updated, but either way we're not building that now. So it does not belong here. * "Apps should be able to run offline when possible" - Apps can use all the same offline features that the web platform offers. Is there any additional work to be done here? A: (JA) - I do not see any additional work here. As long as an app that is designed to work offline can we're good. * All of the uninstall features seem to be either web-side (launcher page) or WebRT side (OS uninstall support). Is there anything in Firefox UI that needs to be done to support these? A: (JA) - Nope * Data will be stored locally and synced to app once connectivity is available. Is this the apps' job to do the Syncing? A: (DA) - Apps must listen for online/offline events, and sync their data as necessary on their own. There's no Web platform feature for automatically syncing data at this time. ;Recent Changes * All permissions features are punted for now. Needs more UX and specification work done. Using standard web permissions model (prompt-on-access) as a normal tab. * Removed "use and re-engagement" bit about Home Tab updates when apps aren't loaded, and prompting user while browsing.
    loaded, and prompting user while browsing.)
  • Security/Features/HighlightCleartextPasswords  + (<b>Current/Latest Proposal:</b>
    Current/Latest Proposal: * See presentation: * Use an icon (ex: warning icon) in the password text box (shifting any placeholder the website set by a few pixels). This icon will appear all the time (not just onfocus). ([ Example Icon]) * When the user clicks on the warning icon or focuses on the input box, a message pops up with text that interrupts the user (ex: doorhanger), "This will submit your password unencrypted/This is an unencrypted page." The dialog will be designed differently than other warnings, so that users don't ignore it out of habituation. The dialog will present the user with a choice. ** If we can determine the ssl version of the page, provide these to options: "Click here to go to the encrypted version of this page." & "Click here to proceed stay on this page (not recommended)." Require the user to make a choice (no X to quit the dialog box) ** If we cannot determine the ssl version of the page, the user does not have any choices to select from. The message will not pop up in this cases. A user can Learn more by clicking on the site identity button or clicking on the Warning Icon. We will recommend that the user not reuse a password that they also use on an important account on this site. ** Perhaps include a checkbox for "Report to site owner". ** Include a checkbox for "always redirect me". * Do not autocomplete username and password if it's saved in Password Manager (require the user to go through the multi-user experience in password manager). Open Issues: * Should their be positive and negative assertions for type = password fields(ex: sad face and happy face) or only negative assertions? ** Giving a positive security assertion might actually make users more worried. Ex: rent an apartment with bars on the windows, or without? People may question why there is a need for bars. Tendency towards being more afraid in the safer apartment with bars. ** Examples: [ Green Plus] and [ Red Minus] ** Positive assertion with be inconsistent - if the form action calls a javascript function, we will not know whether the post is over http or https, and hence can't give a positive or negative assertion. See [ here] for an example. * How do we redirect users to the secure version of the page ** Site identity button (Larry)? ** Display info bar onfocus of pwd field ** Clicking the icon in the placeholder ** Link in the tooltips hint ** Link in the constraint validation hint * How do we detect the fqdn of the https version of an http page (if it exists)? What percentage of pages will this cover? ** Try just adding an s and check the status code in the response ** Leverage data in password manager ** Query or (similar concept to robots.txt). Websites create a login.txt that tells browser where to get the ssl version of a specific page. ** SSL Observatory * Integration with Password Manager. If a page has a highlighted password field, should passwords automatically be populated by Password Manager? If don't autofill and the user wants the password autofilled anyway, how would they do that? What would the UX look like? ** It would go through the multi-user experience (ex: when there are two username/password pairs stored for a site, the password isn't filled in until the user selects the username) ** Should we set autocomplete=off for username and passwords?
    sername) ** Should we set autocomplete=off for username and passwords?)
  • Services/Sync/Features/Addon Sync  + (<table border=1> <tr valign="top"
    Issue/Risk Status
    Do we need some prompts or feedback when add-ons are synced, at all? Probably. Many add-ons still aren't restartless, so installing, uninstalling, enabling, or disabling will require restart. When Sync is driving the add-on install, the Add-on Manager won't display any visual prompts. So, it will be Sync's responsibility to trigger a UI element to prompt restart, if desired. Sync has full control over that element. We could display the one used by the Add-on Manager or make our own.
    Answer from Faaborg: Is we do not need any extra UI. If the user happens to go to the Add-ons tab, the updated add-ons should show a restart is necessary.
    Are there any problems with large sets of add-on state being updated at once? Say the user has not used a device for a while and they use it again and a whole bunch of add-ons need to be updated.
    used a device for a while and they use it again and a whole bunch of add-ons need to be updated. </td> <td> </td> </tr> </table>)
  • Services/Sync/Sync Setup Improvements Mobile  + (<table class="fullwidth-table" style="w
    Risk/Issue Status
    There is a risk of a poor set up of a mobile device because a keyboard short cut may be too advanced for the non-techy Firefox users. Mitigation is to socialize this approach and get input from various folks including UR. UR studies in progress week of 7/18 and 7/25
    Not having the web page updates done by the time this feature is ready to launch is a launch blocker. The mitigation is to work with the web dev team to align schedules.
    Are there any security risks? 7/18: JA spoke to infrasec and they have no security concerns. I need to speak to Lukas to make sure there are no browser security concerns.
    Are there any privacy risks?
    ecurity concerns. I need to speak to Lukas to make sure there are no browser security concerns.</td> </tr> <tr> <td>Are there any privacy risks?</td> <td></td> </tr> </table>)
  • Security/Features/Mixed Content Blocker  + (=== Future UI tweaks === * https://bugzill
    === Future UI tweaks === * - Make mixed content blocker more discoverable * - Strike through https === Edge Cases === *, - Redirects * - Session Restore and document.write * - Object Subrequests * - Relying on HSTS to prevent Mixed Content * - Mixed content in iframes.
    .cgi?id=826599 - Mixed content in iframes.)
  • Features/Mobile/webapps  + (=== Next steps === * Implement the fronten
    === Next steps === * Implement the frontend pieces to expose webapps in Firefox for Android (find more mocks [ below]): *Complete UI design concept *Implement and review UI design *Sync with Appetizer team *Feature implementation **add an "Install web app" entry in the site menu when not in a web app **handle a --webapp switch on the command line **minimize the chrome when in web app mode. The icon is still clickable to show the site menu. **new "Set Page as Web App" entry in the site menu **"See all Web Apps" entry in the awesomscreen **A list-oriented display of the web apps.- new "Set Page as Web App" entry in the site menu **"See all Web Apps" entry in the awesomscreen **A list-oriented display of the web apps. **do not go fullscreen on maemo so the normal maemo application bar is used across the top **completely hide the fennec URL bar **no site menu at all === Risks === Note that the awesomescreen is changing, very soon: []
  • Firefox/Features/Support Mac App Store  + (==== Open issues ==== * Figure out if any
    ==== Open issues ==== * Figure out if any changes to the product need to be made * Figure out if any changes to the packaging need to be made * Talk to the Firefox Home team to discuss using the same account / key and their release process * Submit to the [ Mac App store] and deal with any issues found by Apple * Decide if we want PR around the submission or acceptance ==== Risks ==== * Firefox does not meet the restrictions for being on the app store ** There are other Gecko apps already in there ** Opera was submitted and accepted
    there ** Opera was submitted and accepted)
  • Features/FlightDeck/AMO Integration  + (AMO has a new API that is untested and may need modification as we proceed.)
  • Features/Firefox/Easy UI Feature Testing  + (Ability to modify UI has potential performance, privacy implications Collecting data has Privacy implications Publishing collected data has Privacy Implications What makes a "successful" feature?)
  • Platform/Features/WebP support  + (According to Jeff, WebP isn't good enough for us to ship yet. There are discussions with Google to improve WebP so it's relevant vs. JPEG*)
  • Security/Features/Strange SSL Cert Change Alert  + (Any notary-based component has the potential to be a privacy threat to users.)
  • Features/Desktop/BYOB-for-Firefox9  + (BYOB currently requires some extra work wi
    BYOB currently requires some extra work with reviewing, signing etc Partner Builds and the main goal of BYOB - creating some way to have customizations for enterprises is now kind of superseded by the ESR. So i think of the ways a) letting BYOB what it is today and letting users play with it. But removing the bookmark / bookmark toolbar feature to reduce reviewing efforts and using the new signing server so that the work required to keep byob up is reduced. b) using a internal instance of byob to create custom partner repacks like we did for holiday edition of firefox with being able to change the distribution.ini - uploading of extensions etc - instead of doing a lot of stuff via vim edits of distribution.ini on the partnerdist server
    distribution.ini on the partnerdist server)
  • Platform/Features/ElectrolysisTextureSharing  + (Chris Jones is writing the Direct3D 10/D2D
    Chris Jones is writing the Direct3D 10/D2D texture sharing code, and will write the D3D9 composition of Basic (Cairo) cross-process layers. '''It has not yet been decided who will do this work for OpenGL on OS X and Linux.''' This may be a simple task, because we already support compositing basic shadow layers using OpenGL.
    positing basic shadow layers using OpenGL.)
  • Labs/Deuxdrop  + (Currently in prototype / development stages)
  • Features/Desktop/Firefox reset option on reinstall  + (Decide on one of the two approaches in stage 3.)
  • Platform/Features/SkiaBackendForAzure  + (Doesn't have assigned resources yet.)
  • Firefox/Features/Locationbar Domain Highlight  + (Highlight the full domain (like Chrome) or only the base domain (like IE, Opera)? We're currently doing the latter. Do we want a pref for this?)
  • Ark  + (How far should we go? <-- The relevant range of possible solution targets for this product is huge.)
  • SMS support  + (If this is implemented, should it be imple
    If this is implemented, should it be implemented as a separate module, or integrated into the chat features? Should it do the same with the UX? Should this be implemented as a main feature, or as an add-on? By what means will TB interface with SMS networks?
    means will TB interface with SMS networks?)
  • How to not login like desktop apps  + (In Google Reader, you login and that's how
    In Google Reader, you login and that's how Google Reader links you to your rss list. In Thunderbird, Thunderbird loads your RSS list from your disk and that's how Thunderbird links you to your rss list. If you want your site to have no login, load the user's data from the user's disk. The problem is that all browsers poor disk load support. If I visit an embarrassing site, I have to delete the previous 1 hour. If I visited your site in the previous 1 hour, I have to delete your site's offline storage. This proves all browsers have poor disk load support. If your site is called Slick Feeds, I must be able to delete all data except from Slick Feeds, that is, I select all sites except Slick Feeds, then hit Forget All About These Sites. This is the solution. Currently, the solution exists as an add-on. It's called Mass Forget. Plus, people keep complaining about Facebook. Do you want to be in control of your data? Do you want your data to be in your disk? Then, you want this feature.
    in your disk? Then, you want this feature.)
  • Jetpack/Ship SDK via AMO  + (Is it technically possible? Would AMO reject it?)
  • Features/Desktop/IdentityIntegration  + (Jetpack performance and unit test results are unknown. Jetpack localization API is not implemented yet.)
  • Features/Desktop/Enhanced Blocklisting  + (Many of these features would require work on AMO. Most AMO developer focus these days is directed to the new Marketplace, so we might need help.)
  • Features/Desktop/Improve Add-on Monitoring  + (Many of these features would require work on AMO. Most AMO developer focus these days is directed to the new Marketplace, so we might need help.)
  • Features/Jetpack/Addons In Toolbar  + (Mobile is the biggest concern here, it is unclear how the proposal fits in on phones and tablets. We will also be restricting the size of the widget that developers can use now, we should consider how to support existing add-ons with larger widgets.)
  • Security/Features/TLS Telemetry  + (NSS currently doesn't expose information e
    NSS currently doesn't expose information exchanged during the initial client-server handshake. See bugs [ bug 704675] and [ bug 704584] We have decided to collect a smaller subset of the data in the initial feature. The study will be updated when more data is exposed through NSS.
    ted when more data is exposed through NSS.)
  • Features/Firefox/PluginCrashComments  + (Need to get this feature prioritized and an owner for the implementation.)
  • Security/Features/Certs Disallow Weak Keys  + (Need to pick a release in which we plan to disallow weak keys, so we can start communications.)
  • Add-on SDK in Firefox  + (Open issues: * Need to ensure Jetpack tests are run per-checkin by default on all branches (where it makes sense))
  • Firefox/Features/Chrome migration  + (Other browsers all migrate Firefox settings and data. We are surely losing lots of potential users here.)
  • Fennec/Features/langchoice  + (Pike's list: *Are there '''existing lang
    Pike's list: *Are there '''existing language packs on AMO'''? [ The list] doesn't show any, but as far as Pike knows, that's only blessed ones. *Who'd be the "'''owner'''" of language packs? Mostly a question of attribution vs permissions. And with respect to [] : *Right now,'''restartless add-ons''' exclude modifications to the chrome registry. No idea how far folks are in fixing that. Need :bs, mossop? *Where do we get the'''localized UI buttons and language names''' from for the startpage UI? Both from localizers to us, and from us to the browser. How does this differ for langpacks we build and langpacks contributed by outside community? *How do we '''localize default bookmarks'''? Probably involves timing of language selection/installation and profile initialization, and/or a feature request on places.
    ation, and/or a feature request on places.)
  • Platform/Features/Incremental GC  + (Re-enable incremental GC on desktop platforms Re-enable incremental GC on Android
  • Firefox/Features/PFS2 datasource  + (Readiness of PFS2 webapp is a blocker to i
    Readiness of PFS2 webapp is a blocker to implementation. Risks include resource availability with WebDev, and results of testing. The back-end must be ready to go before a product change is made, so the web service is a blocker for this feature. This feature should be re-considered as a P2 given the unknown state of PFS2.
    d as a P2 given the unknown state of PFS2.)
  • Identity/Features/Sign into the browser  + (Requires coordination with services infrastructure to support BrowserID-based authentication, as well as a key-wrapping feature in BrowserID.)
  • In-content preferences  + (Security and usability concerns associated with letting content area widgets modify the surrounding browser)
  • Features/Thunderbird/Instant messaging in Thunderbird  + (See [[Talk:Features/Thunderbird/Instant_messaging_in_Thunderbird|the discussion page]] for a summary of questions that were discussed while this page was a draft and answers that were gathered.)
  • TLS 1.1 / 1.2 Support  + (Should security perform a review on this feature?)
  • SearchHijacking  + (Some concerns about prompt affecting partn
    Some concerns about prompt affecting partners and relationships. We have everything implemented but may decide to leave on trunk for an additional cycle or tweak the prompt to make it less annoying. Asa on point to discuss with Kev and reach agreement on whether or not to keep it in FF13 and how we should message this. Put the status=at risk until we get it fully sorted out.
    =at risk until we get it fully sorted out.)
  • Platform/Features/Vertical text  + (Specification is in flux.)
  • Services/Sync/Features/MigrateToDigestAuth  + (Sync web servers receive username/pass in
    Sync web servers receive username/pass in cleartext (BasicAuth) through https before handing them off to LDAP/mySQL. Will be a problem when we store sync-keys protected by username/pass, because access to Sync web servers will be point of vulnerability. If an attacker gains control of Sync web servers, they will have access to username/pass in cleartext, can use these credentials to access sync-key, and then unencrypt user data stored on Sync web servers.
    rypt user data stored on Sync web servers.)
  • Platform/Features/MPAPI  + (TBD)
  • Features/Platform/Graphite font shaping  + (The Graphite shaping library includes a sm
    The Graphite shaping library includes a small, limited-functionality virtual machine that executes shaping instructions in the fonts. This could represent a potential attack surface (via maliciously-crafted web fonts), and needs to be reviewed and tested for robustness.
    to be reviewed and tested for robustness.)
  • DOMCryptInternalAPI  + (The content DOM API that this feature will support should obey private browsing mode, but also integrate well with PSM/NSS, in which case the keystore does not know about Private Browsing. We may need to tie the key storage to Places or something new.)