Status

Places Security Review tracking bug

• bug 375898

Has a design review been completed?

There has not been a formal design review.

• Places Design Overview

When do you anticipate the feature landing

• Places-based History was turned on for the Firefox 3 Alpha 2 release
• Places-based Bookmarks was turned on for the Firefox 3 Alpha 5 release

Overview

Implement new back ends for Bookmarks and History using the mozStorage system. Develop newer, more usable front end components to display results, emphasizing simple search and categorization.

Use Cases

• Places:History Use Cases
• Bookmarks Use Cases

Requirements

• Fx3 Places PRD Requirements

UI Design Documentation

use cases and expected user knowledge (terminology, metaphors, etc)

Terminology:

• Visit
• Session
• Bookmark
• Tag
• Star
• Folder
• Livemark
• Smart Folders/Queries/Saved Searches
• Organizer
• Keyword

design mockups (of whatever fidelity is easiest)

• Places:User_Interface

links to relevant user data, bugs, reports, examples, etc

Design Impact

Security and Privacy

• What security issues do you address in your project?

• Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?

• Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
  • Assumptions
  • Capabilities
  • Potential Risks

Exported APIs

• Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
  • APIs exported to the web: none
  • APIs exported to XPCOM in /browser:
    • nsIPlacesImportExportService
    • nsIPlacesTransactionsService
  • APIs exported to XPCOM in /toolkit:
    • nsIAnnotationService
    • nsIBrowserHistory
    • nsIDynamicContainer
    • nsIFaviconService
    • nsILivemarkService
    • nsINavBookmarksService
    • nsINavHistoryService
    • nsITaggingService
  • UI -- see the UI design documentation section

• Does it interoperate with a web service? How will it do so?
  • The livemark service gets feed data from the Feeds components. At this point, that's about as close as Places comes to any web service.

• Explain the significant file formats, names, syntax, and semantics.
  • places.sqlite: The central datastore is using SQLite via mozStorage. XXXlinks
  • bookmarks.html: Places can parse and serialize bookmarks data in the "bookmarks.html" format.
  • JSON: bug 384370 introduces backups and imports of bookmark, tag and annotation data from JSON files. This may expand to include history data, as well as using the format for web service interaction. XXXlinks

• Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
  • Feedback thus far from extension developers have been positive.

• Does it change any existing interfaces?

Web Compatibility

• Does the feature had any impact on Web compatibility?

Performance

• How will the project contribute (positively or negatively) to "perceived performance"?

• What are the performance goals of the project? How were they evaluated? What is the test or reference platform and baseline results?

• Will it require large files/databases (for example, browsing history)?

Reliability

• What failure modes or decision points are presented to the user?

• Can its files be corrupted by failures? Does it clean up any locks/files after crashes?

l10n and a11y

Are any strings being changed or added?

• browser
• toolkit

Are all UI elements available through accessibility technologies?

Places has several open bugs on specific areas that are not properly accessible.

Installation, Upgrade/Downgrade/Sidegrade, and platform requirements

Does it equally support all Tier-1 platforms?

• Yes.

Does it have a hardware requirement (or increase minimum requirements)?

• No.

Does it require changes to the installer?

• No.

Does it impact updates?

• No.

List the expected behavior of this feature/function when Firefox is upgraded to a newer minor release, downgraded by installation of an earlier revision, or re-installed (same version)

• Upgrade: No change on upgrade to newer minor release

• Downgrade to previous major release: Bookmarks and history will revert to their pre-Places state.

Configuration

Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?

Prefs:

• browser.expire_history_days - A ceiling on the number of days of history to keep.
• browser.expire_history_visits - A ceiling on the number of history visits to keep.
• browser.places.importBookmarksHTML - If true, import the bookmarks.html file in the profile on startup.
• browser.urlbar.matchOnlyTyped - In location bar autocomplete, only show typed URLs, not those that are the result of a link click, for example.
• browser.history.showSessions - When history is sorted by date, also group by session.
• browser.places.createdDefaultQueries - Whether the Places folder on the toolbar has been created. The folder will be re-created at startup if false.
• browser.history_cache_percentage - % of RAM to use as a cap for sqlite cache size (details)

Are there build options for developers? [#ifdefs, ac_add_options, etc.]

• Not anymore

What ranges for the tunable are appropriate? How are they determined?

What are its on-going maintenance requirements (e.g. Web links, perishable data files)?

• The default bookmarks.html file

Relationships to other projects - are there related projects in the community?

• If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?

• Are you updating, copying or changing functional areas maintained by other groups?

Documentation

• Do built-in Help pages need modified?

• Documentation for developer.mozilla.org?

Other

Discussion & Implications

Caveats / What We've Tried Before

References