CH Scratchpad: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 20: Line 20:
*** require https to prevent WiFi hotspot MiTM attacks?
*** require https to prevent WiFi hotspot MiTM attacks?


== P1 todos ==
== web handlers todos ==
* code
** <strike>refactor pref RDF stuff for protocol support: {{bug|384374}} (waiting for review)</strike>
** tweak pref RDF stuff for multiple apps: {{bug|384374}}
** <strike>proto dialog: lightweight XUL dialog (implement and hook up) {{bug|385065}}</strike>
** prefs UI for changing {{bug|377784}}
** register{Protocol}Handler dialog & impl {{bug|385106}}
** platform specific app detection (win, mac, unix) {{bug|385114}}


* pref RDF work (proto & mime)
* favicons for pre-shipped online handlers
* proto dialog: lightweight XUL dialog
* online default registry (plugin finder?)
* MIME backend
* tweak existing ucth dialog for mime
* security review
* security review
* prefs UI for changing
* register{content,Protocol}Handler dialogs
* POST support
* prod mgmt stuff: defaults, partner contact work

Latest revision as of 16:24, 1 August 2007

design issues

  • need to handle offline case gracefully
    • fragment identifiers can be used, but hacky; ping WhatWG
  • static add vs. dynamic add vs. preview actions
    • spec issue: GET not very RESTful for first two cases
  • security issues
    • spec: "should NEVER send https URIs to third-party sites"; need to design fallback behavior or change. todo: ask hixie what this protects
    • how do we handle URI leakage as per HTML5 4.10.2.1. todo: does fx2 handle this? sounds hard (impossible?) to fix
    • credential leakage spec verbiage sounds unimplementable
    • set up security audit
      • protocol handlers
        • figure out what URI schemes are acceptable for both source and target
  • POST issues
    • use cases
    • security stuff (see biesi/hixie thread in WhatWG archives)
      • require https to prevent WiFi hotspot MiTM attacks?

web handlers todos

  • code
    • refactor pref RDF stuff for protocol support: bug 384374 (waiting for review)
    • tweak pref RDF stuff for multiple apps: bug 384374
    • proto dialog: lightweight XUL dialog (implement and hook up) bug 385065
    • prefs UI for changing bug 377784
    • register{Protocol}Handler dialog & impl bug 385106
    • platform specific app detection (win, mac, unix) bug 385114
  • favicons for pre-shipped online handlers
  • online default registry (plugin finder?)
  • security review
Retrieved from "https://wiki.mozilla.org/index.php?title=CH_Scratchpad&oldid=64254"