Security/reviews/firefox/PageInspectorHighlighter
From MozillaWiki
< Security
- Items to be reviewed
Contents
Introduce Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- The goal of the Page Inspector is to provide a facility to examine the
contents of a web page and its associated styles. It is a feature for developers and anyone interested in learning more about HTML and CSS.
- The Page inspector and highlighter is designed to be as uninvasive as
possible. Content is not touched by the tool until a user modifies it.
What solutions/approaches were considered other than the proposed solution?
- Not building a page inspector. Relying on third party addons.
Why was this solution chosen?
- This is considered an important feature for web developers. Reliance
on third parties to provide this functionality isn't really an option anymore. Also, we've approached the problem from a slightly different direction and have made some interesting gains in usability as a result.
Any security threats already considered in the design and why?
Threat Brainstorming
- is dom xss and clickjacking an issue to consider. (Probably not because this is outside the realestate of the webpage.)
- Are events supposed to propagate from the inspect view to the underlying webpage? (touchpad scroll events seem to)
- Yes, events are supposed to pass through
- Events won't be passed if we are in the panels
