SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-04-30

From MozillaWiki

< SummerOfCode‎ | 2012‎ | UserCSP

Jump to: navigation, search

« previous week | index | next week »

Contents

1 This Week
2 Monday, 30 April
3 Tuesday, 01 May
4 Wednesday, 02 May
5 Thursday, 03 May
6 Friday, 04 May

This Week

Monday, 30 April

Reading Jetpack extension development APIs.

Tuesday, 01 May

Updated UserCSP extension GUI as per the suggestions from Tanvi. (In GUI of UserCSP extension: All input fields on the left and written rules on the right)

Wednesday, 02 May

Examine the code of third party sqlite module: "https://bitbucket.org/julianceballos/sqlite-jetpack/". This code helped me to understand, how Sqlite can be used in add-on that developed using Jetpack extension development framework.

Thursday, 03 May

Reading source code of CSP (Content Security Policy) implementation in Firefox. I read following files:

- http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsCSPService.cpp

- http://mxr.mozilla.org/mozilla-central/source/content/base/src/contentSecurityPolicy.js

- http://mxr.mozilla.org/mozilla-central/source/content/base/public/nsIContentSecurityPolicy.idl

- http://mxr.mozilla.org/mozilla-central/source/content/base/src/CSPUtils.jsm#45

Friday, 04 May

UI of UserCSP add-on:

Figure: UserCSP add-on UI

Tabpanel of CSP directives: Each directive will have its own tab. Currently there are only three directives supported namely: default-src, script-src, and object-src. Users can change to another CSP directive by clicking on its tab button. For example, to write rules for "object-src" CSP directive, click on "object-src" tab on the tab panel and write rules for object-src CSP directives.

Text field of "Enter Rule", allows user to type rules for the selected CSP directive.

The "Add" button adds rule written by user to "User Specified Rule" list.

The "Website Specified Rules" list shows CSP rules specified by the website for selected tab's directive. If website doesn't specify any rules then it is empty.

If website specifies CSP policy, then "Add to User Rule" button is useful for users to use some of those rules into their rule sets. User need to select a rule they want to use from the "Website Specified Rules" list and click on the "Add to User Rule" button to add all selected rules to the "User Specified Rules" list.

The "User Specified Rules" list contains CSP rules specified by user for the currently selected CSP directive.

The "Apply User Rules" button applies rules in the "User Specified Rules" list on the website.

UI of UserCSP add-on:

Figure: UserCSP UI with dynamic UI to allow users to refine rules.

If website has specified CSP rules then four new components are shown dynamically in the user CSP UI namely, horizontal line, "Refine Rules" button, "Refined Rules" label and "Apply Refined Rules" button.

The "Refine Rules" button allows users to combine "Website Specified Rules" and "User Specified Rules", and use aggregate of them. Exactly how this button will behave is not yet fully decided.

The "Apply Refine Rules" button allows user to apply the result of "Refine Rules" action on the website.

Retrieved from "https://wiki.mozilla.org/index.php?title=SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-04-30&oldid=427702"