254
edits
Security/Reviews/Firefox4/HTML5 Parser Security Review: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/Firefox4/HTML5 Parser Security Review (view source)
Revision as of 14:37, 27 September 2010
, 27 September 2010→Configuration
| Line 98: | Line 98: | ||
== Configuration == | == Configuration == | ||
* Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables? | * Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables? | ||
Yes. The end user can configure settings via about:config. | |||
The pref html5.enable can be used to disable the HTML5 parser, in which case the old parser is used instead. This pref will become obsolete once the old parser is removed (after Firefox 4). Flipping this pref has the security-sensitive effect of using another HTML parser and its bugs instead of the bugs of the HTML5 parser. | |||
The pref html5.offmainthread can be used to make the HTML5 parser run all its tasks on the main thread. The purpose of this setting is debugging. | |||
There are various performance/responsiveness tunables: html5.flushtimer.initialdelay, html5.flushtimer.subsequentdelay, content.notify.interval, content.sink.interactive_deflect_count, content.sink.perf_deflect_count, content.sink.pending_event_mode, content.sink.event_probe_rate, content.sink.interactive_parse_time, content.sink.perf_parse_time, content.sink.interactive_time, content.sink.initial_perf_time, content.sink.enable_perf_mode, content.interrupt.parsing. I believe tuning these prefs doesn't have security consequences beyond a potential self-inflicted DoS. | |||
* Are there build options for developers? [#ifdefs, ac_add_options, etc.] | * Are there build options for developers? [#ifdefs, ac_add_options, etc.] | ||
Beyond #ifdef DEBUG, if SVG is disabled in Gecko build options, the HTML5 parser doesn't dispatch the SVG load event. | |||
#ifdef DEBUG_NS_HTML5_TREE_OP_EXECUTOR_FLUSH controls printf dumping of some performance statistics. | |||
* What ranges for the tunable are appropriate? How are they determined? | * What ranges for the tunable are appropriate? How are they determined? | ||
For the tunables that aren't booleans, it's not clear what the appropriate ranges are. The default values for the performance tunables are based on experimentation and/or guesswork. | |||
* What are its on-going maintenance requirements (e.g. Web links, perishable data files)? | * What are its on-going maintenance requirements (e.g. Web links, perishable data files)? | ||
The configuration options don't need on-going maintanance. | |||
== Relationships to other projects == | == Relationships to other projects == | ||