Security/Reviews/Firefox4/HTML5 Forms Security Review

From MozillaWiki


HTML5 Forms introduce new elements, new attributes and an automatic form validation mechanism. The main goal is to meet the current needs of the web (i.e. do what is currently done in JavaScript).

Background links

Security and Privacy

  • Is this feature a security feature? If it is, what security issues is it intended to resolve?


  • What potential security issues in your feature have you already considered and addressed?


  • Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?


  • Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.

The autofocus feature could be used to steal focus while the user is typing a password.

  • How are transitions in/out of Private Browsing mode handled?

No private browsing handling (not needed).

Exported APIs

  • Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)

All interfaces used are Gecko's own, mostly from content/ or dom/.

  • Does it interoperate with a web service? How will it do so?


  • Explain the significant file formats, names, syntax, and semantics.


  • Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?

It's documented in MDC.

  • Does it change any existing interfaces?

Mostly dom/interfaces/html/. Some others too. Let me know if an exhaustive list is required for the review.

Module interactions

  • What other modules are used (REQUIRES in the makefile, interfaces)?


  • What data is read or parsed by this feature?
  • What is the output of this feature?
  • What storage formats are used?


  • What failure modes or decision points are presented to the user?

Nothing except JavaScript exceptions.

  • Can its files be corrupted by failures? Does it clean up any locks/files after crashes?



  • Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?

The user can disable the autofocus feature with about:config (browser.autoconfig).

  • Are there build options for developers? [#ifdefs, ac_add_options, etc.]


  • What ranges for the tunable are appropriate? How are they determined?


  • What are its on-going maintenance requirements (e.g. Web links, perishable data files)?


Relationships to other projects

Are there related projects in the community? No.

Review comments

  • Make sure that we can't autofocus inside a new iframe when loaded.
 bug 601030
  • Check that the regexp engine doesn't call the operation callback.
 The following exception is thrown if the regexp is too complex: "InternalError: regular expression too complex"
  • Should think about PUT and DELETE for form methods.
 This is going to be removed: bug 600813