SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-07-16

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

This Week

Monday, 16 July

 Currently, we know https://csptest.computerist.org website sets CSP rules.  However, website CSP rules were  not correctly reflected in the add-on.

Tuesday, 17 July

  • Hostname Wildcards Filtering according to W3C specification
    • A source expression MAY contain a single wildcard character, * , in the hostname portion and it MUST be used in place of the left­most, or most specific, DNS label. The wildcard character matches zero or more DNS labels.
      • Accepted Inputs: *, *.example.com
      • Rejected Inputs: example.* , www.*.com
  • Port Wildcards Filtering according to W3C specification
    • A source expression MAY contain a single wildcard character, * , in place of the port number. The wildcard character indicates that any port may be used to load content.

Wednesday, 18 July

  • BigFix: User specified rules for a website should take precedence over "Every Website" rules.
  • Tested with yahoo.com. First, defined rules for "Every Website" then defined rules for yahoo.com. Rules defined for yahoo.com were enforced by add-on.

Thursday, 19 July

  • Used Regular expression to filter out unnecessary input to make sure characters that aren't allowed in a url are filtered out.
    • Regular expression I used is as follows:
***  var myRegexp = new RegExp('^[a-z0-9 _.:*\']*$', 'i');
*** Please let me know if there are any bugs in it. (email: patilkr  AT  comp   DOT  nus DOT edu  DOT  sg)

Friday, 20 July

  • Added a newline in All Tab UI after websiteCSP rule, User CSP rules and Combine CSP rules for better visibility.
  • For filtering, if there is invalid user input, it was reported using alert prompt. But it deteriorate user experience and Hides add-on UI. Instead of reporting errors using alert prompt, it would be better to show errors to user in add-on UI. Therefore, errors are now reported in the UI with RED color below the input field.