canmove, Confirmed users
4,854
edits
Security/Reviews/PluginOverlayAPI: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 11: | Line 11: | ||
</bugzilla> | </bugzilla> | ||
}} | }} | ||
{{SecReview}} | {{SecReview | ||
|SecReview feature goal=To provide the API for the JavaScript extension to create the preview of a plug-in for specific mime type. Typical use case is to allow creation of the firefox extensions to provide the secure and interactive preview for or fully replace the native plugins. | |||
This is a key component of the Shumway implementation of a web-native SWF runtime, specifically the browser integration with Firefox | |||
=== Notes === | |||
Shumway will call registerPlayPreviewMimeType | |||
When there's an embed, a check for whether there's a preview for the type (if not, it calls up plugin) if there is, it loads shumway (other preview) instead. | |||
How does the extension distinguish between multiple frames with the same source? - shumway has access the DOM tree and can extract the information from the original element. | |||
What is the origin of the document in the iframe - originally the data: uri, then changed by the streamconverter - (for shumway, looks like resource:) | |||
use of a resource URL is likely to cause problems - either use a null principal or use the origin of the original resource. | |||
This isn't enabling anything addons can't already do; rather, exposing a cleaner way for them to do something. | |||
(pilot shumway extension https://github.com/mozilla/shumway/tree/master/extension/firefox) | |||
(iframe box testing http://pastebin.mozilla.org/1735309 ) | |||
|SecReview alt solutions=Alternative solution: to provide an API to the extension that will fully intercept a flash object instantiation we need: | |||
1. add entries to the window.navigator.plugins (with the same | |||
name, descript, version and mime type as flash); | |||
2. intercept/forward all <object | |||
classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"> | |||
instantiations; | |||
3. and, suppress the plugins priority for the document loader | |||
factory. | |||
|SecReview solution chosen=Less intervention into existing plugin loading base (nsObjectLoadingContent) | |||
|SecReview threat brainstorming=* iframe created for preview loads data: URI - inherits principal of resource:// URI which has some level of privilege - could try and use a null principal or iframe sandbox when it lands ? | |||
* preview iframe might be able to somehow interact with page/DOM after the user has decided to load the actual plugin if it's not cleaned up | |||
}} | |||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status=In Progress | |SecReview action item status=In Progress | ||
| Line 27: | Line 51: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Jethro</td> | |||
<td></td> | |||
<td>Arrange secreview for shumway</td> | |||
<td>Coincide with / follow shortly "rough alpha" ( suggest making secreview bug now, updating with time as appropriate)</td> | |||
<td></td> | <td></td> | ||
</tr> | </tr> | ||
<tr> | |||
<td>Yury</td> | |||
<td></td> | |||
<td>Remove preview iFrame (cleanup)</td> | |||
<td></td> | |||
<td></td> | |||
</tr> | |||
<tr> | |||
<td>Dan / Ian / Mark / David</td> | |||
<td></td> | |||
<td>Investigate alternatives for null principal for resolving iFrame security issues</td> | |||
<td>13th - 18th August</td> | |||
<td></td> | |||
</tr> | |||
</table> | </table> | ||