- Items to be reviewed
- 1 Introduce Feature
- 2 Any security threats already considered in the design and why?
- 3 Threat Brainstorming
- 4 Conclusions / Action Items
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- The goal of the Page Inspector is to provide a facility to examine the
contents of a web page and its associated styles. It is a feature for developers and anyone interested in learning more about HTML and CSS.
- The Page inspector and highlighter is designed to be as uninvasive as
possible. Content is not touched by the tool until a user modifies it.
What solutions/approaches were considered other than the proposed solution?
- Not building a page inspector. Relying on third party addons.
Why was this solution chosen?
- This is considered an important feature for web developers. Reliance
on third parties to provide this functionality isn't really an option anymore. Also, we've approached the problem from a slightly different direction and have made some interesting gains in usability as a result.
Any security threats already considered in the design and why?
- is dom xss and clickjacking an issue to consider. (Probably not because this is outside the realestate of the webpage.)
- Are events supposed to propagate from the inspect view to the underlying webpage? (touchpad scroll events seem to)
- Yes, events are supposed to pass through
- Events won't be passed if we are in the panels