Firefox/Meeting/26-Mar-2019
Today’s meeting leader is: lina! Double surprise!
Contents
- 1 General Topics / Roundtable
- 2 Friends of the Firefox team
- 3 Project Updates
- 3.1 Activity Stream
- 3.2 Add-ons / Web Extensions (read-only, unfortunately)
- 3.3 Applications
- 3.4 Screenshots
- 3.5 Lockbox
- 3.6 Services (Firefox Accounts / Sync / Push)
- 3.7 Browser Architecture
- 3.8 Developer Tools
- 3.9 Fission
- 3.10 Lint
- 3.11 NodeJS
- 3.12 Password Manager
- 3.13 Performance
- 3.14 Performance tools
- 3.15 Policy Engine (mkaply not in meeting)
- 3.16 Privacy/Security
- 3.17 Search and Navigation
- 3.18 User Experience
- 4 This week I learned
General Topics / Roundtable
Friends of the Firefox team
Introductions
Resolved bugs (excluding employees)
Fixed more than one bug
- akshitha shetty
- Carolina Jimenez Gomez
- Dhruvi Butti
- Fanny Batista Vieira [:fanny] [:fanny]
- Florens Verschelde :fvsch
- Helena Moreno (aka helenatxu)
- Hemakshi Sachdev [:hemakshis]
- Heng Yeow (:tanhengyeow)
- Ian Moody [:Kwan]
- Jawad Ahmed [:jawad]
- Mellina Y.
- Monika Maheshwari [:MonikaMaheshwari]
- Neha
- Nidhi Kumari
- Syeda Asra Arshia Qadri [:aqadri]
New contributors (🌟 = first patch)
- 🌟 Andrew L removed some old backwards-compatibility code from our DevTools that we don’t need anymore
- 🌟 Arpit Bharti [:arpit73] added some titles to about:checkerboard and about:memory
- 🌟 avi.mathur.engg+github made it so that we hide the table headers when selecting an empty storage source in the DevTools Storage Inspector
- 🌟 clement.allain fixed some busted links in some of our in-tree documentation for Telemetry
- Dhruvi Butti made it so that repeated messages that are coalesced in the DevTools Console show some indication that they were coalesced when copying them to the clipboard, and also made it so that the $x console helper can accept a resultType argument
- Berkay Barlas made it so that the Reader Mode sidebar isn’t affected by page zoom actions
- freychr3 converted the Password Manager dialog to Fluent
- Jawad Ahmed [:jawad] made it so that we update the sidebar icon in the Library based on whether the sidebar is set to open on the left or right, and also fixed the contrast of the Details link in the Show Update History dialog
- Rizwan Syed simplified some of our Login Manager code by transitioning some things to some common helpers
- Monika Manuela Hengki removed an unneeded Hidden Window dependency from our PageThumbs code
- 🌟 Mauricio Araujo made about:preferences more consistent with how it uses “and” vs “&”
- Mrigank Krishan fixed a bug where sorting by column in the DevTools Network Monitor wasn’t working
- nickcowles9575 ported about:privatebrowsing to Fluent
- 🌟 Nidhi Kumari removed some dead code from LoginManager.jsm, and also made our Find Bar code better at skipping nodes that have no visual representation
- 🌟 Shailja Agarwala made it so that the runtime.setUninstallURL API can accept the empty string at runtime
- 🌟 sonali18317 made it so that we close any open Reader Mode sidebar panels when making a selection on the text
- trushita improved how Reader Mode handles plain text documents
- Laphets [:Laphets] fixed a bug in how we categorize WebSockets in the DevTools Network Monitor
Project Updates
Activity Stream
Preparing to launch the Pin Tabs CFR message globally in 68
Currently just `en-US` in Beta (around 10% of the people that open the message will also pin the tab)
We’re Investigating Pocket New Tab startup performance
There is a regression on the reference hardware compared to the default (66) New Tab experience
The current theory is that it is caused by network calls/processing for fetching images
The target is to make Pocket New Tab the default experience in 68
Working on lazy loading images https://bugzilla.mozilla.org/show_bug.cgi?id=1535749
Meta Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1534775
How we measure https://docs.google.com/document/d/1dTCR6sxZU_OwbMQGGXKW-4w0xu8-PdBP5WJrzG6Gi4s/edit#
Add-ons / Web Extensions (read-only, unfortunately)
Work continues on long-term projects:
Supporting migration of search engines to WebExtensions
Handling extensions in private browsing windows:
- Cleanups (courtesy of Shane Caraveo and Luca Greco), including a bug with privileged extensions not honoring private browsing permission (spoiler: they shouldn’t even allow changing it), and another one about side-loaded extensions (also a weird drive-by wherein a side-loaded extension won’t load if a bootstrapped one is present), but that’s details. Some of these should uplift to 67.
Rewriting about:addons in HTML
Work begins on new projects:
Adding abuse reporting for extensions to about:addons
Integrating recommendations (formerly “Get Add-ons”) directly in about:addons (making about:addons no longer hybrid content)
Other:
Standard8 enabled WebNavigation transition notifications for WebExtensions on QuantumBar
Florian removed some expensive CheckForNewChrome calls during shutdown
Behold: the best bug report?
- Of note: AMO is migrating installed LWTs to XPIs \o/
Applications
Screenshots
- No updates this week.
Lockbox
- Planning 68/69 work. No other updates this week.
Services (Firefox Accounts / Sync / Push)
Thom is working on an HTTP client abstraction for our Rust components.
We’ll use Necko (via GeckoView) on Android, and system networking libraries on iOS.
- Thom and Ryan also have a proposal for a crypto abstraction (NSS and OS-level crypto), for encrypting and decrypting sync records and push messages.
- The new, more discoverable FxA doorhanger is in Nightly!
Rust-powered bookmark merging landed in Nightly! Both Desktop and the Rust components we’re building for mobile use the same merger now.
You can enable the services.sync.bookmarks.buffer.enabled pref to check it out.
Browser Architecture
Developer Tools
- Thanks to Fanny Batista Vieira (GSOC), Adrian Anderson (Outreachy) and nikitarajput360 (Outreachy) for working on bug 1115363 - Add a Copy context menu item to the Storage Inspector.
- Thanks to Avi Mathur for working on bug 1291427 - Table headers are not removed when selecting an empty storage
Good number of external contributions for the Console:
Helena Moreno added support for Cmd+K to clear the console - Bug 1532939
Helena Moreno added support to open URL of network messages with Cmd/Ctrl + click in the console - Bug 1466040
Erik Carillo made the console less painful to navigate with the keyboard by adding a `role=main` attribute on the output - Bug 1530936
Bisola Omisore implemented NOT clearing the console input when evaluating, for the editor mode - Bug 1519313
+ lots of in progress bugs
- Grouping of tracking protection messages in Console is in progress - Bug 1524276
- Column breakpoints in the Debugger are faster and more polished, esp. on reload
- Network Panel now has support for resizable columns (Bug 1533764). Kudos to Lenka, who finished this feature during her Outreachy internship and who already picked up the next feature.
- Landed a blank markup view bug related to a CORS issue (Bug 1535661)
- Landed meta viewport support for Responsive Design Mode behind pref (devtools.responsive.metaViewport.enabled)
396x225px
396x225px - Also landed a redesigned settings panel for RDM (thanks to our design contributors @KrisKristin) and will soon land the ability to edit devices
- You can now (remote) debug service workers in e10s multiprocess if you are also running the new ServiceWorkers implementation (dom.serviceWorkers.parent_intercept) (bug)
The all new and improved about:debugging is getting close to shipping (try it by enabling devtools.aboutdebugging.new-enabled or going to about:debugging-new). This new version allows you to debug Gecko in USB devices without launching WebIDE, amongst many other improvements.
If you test it and find bugs, please file them here and we’ll take care of them.
- Removed Shader, Web audio, Canvas and shared components (see Intent to Unship for reference)
Fission
No major updates this week, though Felipe and mconley have put together a short-list of components to port, including:
WebNavigationChild
BrowserTabChild
BrowserChild
tab-content.js
about:neterror
about:tabcrashed
- The aim is to have these ported in time to demo for Whistler
Lint
Ian Moody is rolling out the ESLint rule no-throw-literal across the tree.
This will help improve our error messages and handling.
- Gijs is working on enabling at least basic ESLint parsing for xul files.
- ESlint is now enabled for docshell, uriloader, dom/browser-element and dom/url
(Hopefully) landing soon:
Less .eslintrc.js files will be needed.
Directories where the path is of the following formats will be automatically configured and not need a .eslintrc.js file:
xpcshell
**/test*/unit*/
**/test*/xpcshell/
- browser-chrome mochitests: **/test*/**/browser/
- plain mochitests: **/test*/mochitest/
- chrome mochitests: **/test*/chrome/
I'm planning more follow-up work in the future to re-organise non-matching test directories to fit these structures where possible. Things like browser/base/content/test may get special exceptions.
NodeJS
Password Manager
Resolved
Gather data on support for filling login fields/forms with autocomplete=off in other browsers
Don't repeatedly prompt to save the same username and password combination in the same document
Password fields not re-filled and login autocomplete not attached after back/forward navigation
Add an entry point to access saved logins from the main menu 🔑 (in beta 67)
234x302pxRun login capture code upon page navigation if there are password fields present in a <form>
- Please file bugs if you still don’t get a prompt to save a new login in Nightly.
Provide autocomplete experience when formSubmitURL does not match
Autocomplete footer
240x183px- Pressing enter on the autocomplete footer should open the password manager dialog
- Center the login autocomplete footer text
- Turn on 'View Saved Logins' autocomplete footer by default on desktop
- Don't close the login autocomplete popup when the search string becomes empty
- Don't automatically show only the View Saved Logins footer upon focusing a non-empty secure password field
- "View Saved Logins" text have no contrast with a Dark GTK Theme
In Progress
Identify popular sites that munge usernames/passwords and create a plan to not save munged values
- We’re still looking for websites where the wrong password value gets saved e.g. ”x” or some other garbage.
Allow embedded web extensions to serve/register about: pages
Only prompt to save logins if a login field was modified by the user
Password manager should never offer to save credit card numbers (as the password?)
Performance
- See Firefox Front-End Performance Update #15
- Development of the new tab animations have been put on hold until UR comes back with information on whether or not users perceive them as faster / smoother
- Start-up cache Telemetry tests seem to have detected an issue with how we read from the cache when the QuantumBar is enabled
- The warm-up service is getting close to being something we can test in a lab setting. We have a pref writing to the Windows Registry, and now need to add a special mode to Firefox where it starts, loads its critical DLLs, and then shuts down
The hidden window is now loaded lazily - this resulted in a 3% ts_paint win
Caption: This is a graph of the ts_paint startup paint Talos benchmark. The highlighted node is the first mozilla-central build with the hidden window work. Lower is better, so this looks like a nice win!
- We now preload about:newtab on idle, rather than immediately after a tab opens. This means that new windows can get their first new tabs preloaded now, which wasn’t the case before.
- We’ve decided to put the Browser Adjustment project on hold, and pull the patches from Nightly to lower the frame rate on weaker hardware. Details in this blog post.
- A pref-flip experiment is scheduled for later in this Beta cycle to test the Process Priority Manager on Windows
Performance tools
- Added "Build Type” and "Update Channel” information to header metadata panel.
359x363px
Metadata panel on Firefox Profiler that includes “Build Type” and “Update Channel” information
- Added a “PID” label under the global tracks.
268x163px
Parent Process track with PID under it
- Working on PII sanitization before sharing a profile. Will be ready within a couple of weeks.
Policy Engine (mkaply not in meeting)
Privacy/Security
- [johannh] I can’t make the meeting, so maybe read-only unless someone wants to read it out
- We released a new version (1.6.5) of Facebook Container!
- We are now detecting man-in-the-middle software on certificate error pages even more precisely by doing a priming network request.
- Dimi updated the URL Classifier so that it will classify more channels by default, effectively closing most loopholes for Content Blocking or SafeBrowsing bypasses.
- We added support for requiring user gestures by default for push notifications and will start to experiment with this soon.
- We are trying out stronger restrictions on how often websites can show basic auth prompts. Please file a bug if anything breaks because of this.
- Erica added a way for users to reload all their tabs when they changed their cookie settings.
Search:
Studies:
Federated learning should launch in April
NewTab Search in private browsing is live
Quantum Bar in nightly is live
- Working on remaining unit test failures, before landing built-in WebExtension Search Engines on Nightly 68
Quantum Bar:
- Nightly study is ongoing, got useful bug reports, keep them coming
- Lots of autofill fixes and burning down list of blockers
- Work continues on accessibility, RTL, flicker
- Initial API design for future experiments, under discussion