Security/Sandbox/Deny Filesystem Access: Difference between revisions

Security/Sandbox/Deny Filesystem Access (view source)

Revision as of 23:38, 18 May 2016

359 bytes added , 18 May 2016

→‎Cross-Platform Blockers

Haftandilian

202

edits

@@ Line 36: / Line 36: @@
 | {{bug|1090454}} Trigger print jobs from the parent instead of the child when printing from a remote browser || Blocks disabling write access to $HOME and other locations || TBD. For printing and print-to-file. (TBD, because I don't understand the details of why printing requires writing to filesystem).
 |-
-| {{bug|1136836}} Load chrome: URLs through parent process || Blocks disabling read access to $HOME || Addons can load scripts and resources from the profile directory using chrome:// and resource:// URL's. An add-on calling loadFromScript("chrome://foo/bar") from the Parent process results in Content trying to load that URL.
+| {{bug|1136836}} Load chrome: URLs through parent process || Blocks disabling read access to $HOME || Addons can load scripts and resources from the profile directory using chrome:// and resource:// URI's. An add-on calling loadFromScript("chrome://foo/bar") from the Parent process results in Content trying to load that URL.
+Content scripts running in the content process may use chrome:// URI's to load supporting code.
+Web content can use chrome:// and resource:// URI's.
+Another approach is to allow read access to the place within the profile that addons/Firefox store chrome:// and resource:// files. billm suspects those are safe locations that don't contain sensitive data.
 |-
 | {{bug|1109293}} Desktop content process resource:// and moz-extension:// URIs should not directly use file:/// || Might block how we handle file:// URI's ||

Security/Sandbox/Deny Filesystem Access: Difference between revisions

Security/Sandbox/Deny Filesystem Access (view source)

Revision as of 23:38, 18 May 2016

Navigation menu

Search