MozillaWiki

Security/Reviews/Firefox4: Difference between revisions

< Security‎ | Reviews
No edit summary
 
(86 intermediate revisions by 21 users not shown)
Line 1: Line 1:
Please complete the [[Firefox3/Security_Review_Template|Security Review Template]] for your feature before scheduling your review. For small features or changes we will likely group several together into one session. Immediately after the Platform meeting often works well for that. For larger topics we should schedule them for a longer timeslot. Please add that time in the date column (use Mountain View time (Pacific)).
== Pending Reviews  ==


== Pending Reviews ==
Please complete the minimal [[Security/ReviewTemplate|Security Review Template]] for your feature before scheduling your review. For small features or changes we will likely group several together into one session or handle it one-on-one. For larger topics we should schedule them for a longer timeslot. Please add that time in the date column (use Mountain View time (Pacific)).
<b>The "who" is responsible for filling out the review template and scheduling the review.</b> Please email <i>secteam at mozilla dot com</i> when reviews are scheduled and if times change. Please also email any other folks in the "interested" column. If not immediately after a [[Platform#Meetings | Platform meeting]], dial in will be 650-903-0800 x92 Conf# 215 (US/INTL). Default IRC backchannel is #planning.
 
'''The "who" is responsible for filling out the review template and scheduling the review.''' Please email ''security at mozilla dot org'' when reviews are scheduled and if times change. Please also email any other folks in the "interested" column. If not immediately after a [[Platform#Meetings|Platform meeting]], dial in will be 650-903-0800 x92 Conf# 215 (US/INTL). Default IRC backchannel is #planning.
 
Features that get cut from Firefox 4 should be moved to the [[Security/Reviews/Firefox4.next|Firefox4.next]] page rather than simply deleted.  


<onlyinclude>
<onlyinclude>
=== Platform ===
=== Platform ===
 
All times are Mountain View local time (Pacific)
 
{| border="1"
{| border="1"
! feature || who || review date || interested
|-
|-
|[[Security/Reviews/Firefox4/AudioAPI_Security_Review|Audio API]] ||David Humphrey || ||
! feature
! who
! review date
! interested
! References<br>
|-
|-
|[[Security/Reviews/Firefox4/mozGetAsFile_Security_Review|canvas.mozGetAsFile]] ||khuey || ||
| [[Security/Reviews/Firefox4/CSS features Security Review|CSS calc(), CSS transitions, and CSS :-moz-any()]]  
| dbaron
| <br>
| <br>
| [https://developer.mozilla.org/en/CSS/-moz-calc -moz-calc()][https://developer.mozilla.org/en/CSS/CSS_transitions transitions] [https://developer.mozilla.org/en/CSS/%3A-moz-any -moz-any()]<br>
|-
|-
|[[Security/Reviews/Firefox4/Cookie_Security_Review|Cookie changes]] ||dwitte || ||
| [[Security/Reviews/Firefox4/CSS Element Security Review|CSS -moz-element/document.mozSetImageElement]]  
| mstange
| <br>
| <br>
| [https://developer.mozilla.org/en/DOM/document.mozSetImageElement spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/CSS_features_Security_Review|CSS calc(), CSS transitions, and CSS :-moz-any()]] ||dbaron || ||
| [[Security/Reviews/Firefox4/moz-font-feature-opentype Security Review|CSS -moz-font-feature-opentype]]  
| jdagget/jkew
| <br>
| <br>
| [http://lists.w3.org/Archives/Public/www-style/2009Jun/0506.html W3C Proposal] [https://developer.mozilla.org/en/CSS/@font-face spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/CSS_Element_Security_Review|CSS -moz-element/document.mozSetImageElement]] ||mstange || ||
| [[Security/Reviews/Firefox4/JS Animation Scheduling Security Review|JS animation scheduling]]  
| bzbarsky
| <br>
| <br>
| [https://developer.mozilla.org/en/DOM/Animations_using_MozBeforePaint spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/moz-font-feature-opentype_Security_Review|CSS -moz-font-feature-opentype]] ||jdagget/jkew || ||
| [[Security/Reviews/Firefox4/JS-ctypes|JS-ctypes]]  
| dwitte
| <br>
| bsmith
| [https://developer.mozilla.org/en/js-ctypes spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/Desktop_Notifications_Security_Review|Desktop Notifications]] ||dougt || ||
| [[Security/Reviews/Firefox4/JS ES5 Security Review|JS ES5]]  
| jwalden?
| <br>
| <br>
| [https://developer.mozilla.org/En/JavaScript/ECMAScript_5_support_in_Mozilla draft] {{bug|520696}}<br>
|-
|-
|[[Security/Reviews/Firefox4/FileAPI_Security_Review|File API changes]] ||sicking || ||
| [[Security/Reviews/Firefox4/JS Proxies Security Review|JS Proxies]]  
| gal?
| <br>
| <br>
| [https://developer.mozilla.org/en/nsISupports_proxies nsISupports proxies]<br>
|-
|-
|[[Security/Reviews/Firefox4/FormData_Security_Review|FormData]] ||sicking || ||
| [[Security/Reviews/Firefox4/JS Compartments Security Review|JS Compartments]]  
| mrbkap
| <br>
| <br>
| [https://developer.mozilla.org/En/SpiderMonkey/Internals/Thread_Safety SpiderMonkey Internals: Thread Safety]<br>
|-
|-
|[[Security/Reviews/Firefox4/HistoryState_Security_Review|History pushState/replaceState]] ||jlebar || ||
| [[Security/Reviews/Firefox4/ByteArray Security Review|JS/WebGL byte arrays]]  
| vlad
| <br>
| bsmith
| <br>
|-
|-
|[[Security/Reviews/Firefox4/HTML5_Forms_Security_Review|HTML5 Forms]] || || ||
| [[Security/Reviews/Firefox4/Media Buffer Security Review|Media Buffer API]]&nbsp;
| <br>
| <br>
| <br>
| {{bug|462957}}, {{bug|570904}} [https://developer.mozilla.org/en/Introducing_the_Audio_API_Extension spec]
|-
|-
|[[Security/Reviews/Firefox4/HTML5_Parser_Security_Review|HTML5 Parser]] || || ||
| [[Security/Reviews/Firefox4/DPI Security Review|New DPI System?]]  
| roc
| <br>
| <br>
| <br>
|-
|-
|[[Security/Reviews/Firefox4/IndexedDB_Security_Review|IndexedDB]] ||bent || ||
| [[Security/Reviews/Firefox4/SVG as IMG Security Review|SVG as IMG/background]]  
| dholbert
| <br>
| <br>
| <br>
|-
|-
|[[Security/Reviews/Firefox4/Jaegermonkey_Security_Review|Jägermonkey]] || || ||
| [[Security/Reviews/Firefox4/TabModal Dialogs Security Review|Tab Modal dialogs]]  
| dolske
| <br>
| bsmith
| [https://developer.mozilla.org/en/Using_tab-modal_prompts spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/JS_Animation_Scheduling_Security_Review|JS animation scheduling]] ||bzbarsky || ||
| [[Security/Reviews/Firefox4/TouchEvents Security Review|Touch Events]]  
| felipe
| <br>
| <br>
| [https://developer.mozilla.org/en/DOM/Touch_events spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/JS_ES5_Security_Review|JS ES5]] || || ||
| [[Security/Reviews/Firefox4/Driver Blocklisting Security Review|Video driver blocklisting]]  
| Joe Drew \o/
| <br>
| <br>
| <br>
|-
|-
|[[Security/Reviews/Firefox4/JS_Proxies_Security_Review|JS Proxies]] || || ||
| [[Security/Reviews/Firefox4/WebGL Security Review|WebGL]]  
| vlad
| <br>
| <br>
| [https://developer.mozilla.org/en/WebGL Spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/JS_Compartments_Security_Review|JS Compartments]] || || ||
| [[Security/Reviews/Firefox4/ANGLE Security Review|ANGLE]]  
| vlad
| <br>
| <br>
| [https://developer.mozilla.org/en/CSS/-moz-linear-gradient spec]<br>
|-
|-
|[[Security/Reviews/Firefox4/ByteArray_Security_Review|JS/WebGL byte arrays]] || || ||
| [[Security/Reviews/Firefox4/WebM Security Review|WebM]]  
| roc?
| <br>
| <br>
| [https://developer.mozilla.org/En/HTML/Element/Video video] [https://developer.mozilla.org/En/HTML/Element/Audio audio]<br>
|-
|-
| || || ||
| [[Security/Reviews/Firefox4/WebM3D Security Review|WebM 3D]]
| Matthew Gregan
| <br>
| <br>
| <br>
|-
|-
| || || ||
| [[Security/Reviews/Firefox4/XHR.mozResponseArrayBuffer Security Review|XHR.mozResponseArrayBuffer]]
| vlad
| <br>
| bsmith
| [https://developer.mozilla.org/en/xmlhttprequest spec]<br>
|}
 
=== Front End  ===
 
{| border="1"
|-
|-
|[[Security/Reviews/Firefox4/Media_Buffer_Security_Review|Media Buffer API]] || || ||
! feature
! who
! review date
! interested
|}
 
== Completed Reviews ==
 
Please add a link to the review comments in the appropriate column. There is a section in the template that can be used for this, but it's fine to have the comments in a separate document as long as it's linked to here.
 
=== Platform  ===
 
{| border="1"
|-
|-
|[[Security/Reviews/Firefox4/DPI_Security_Review|New DPI System?]] ||roc || ||
! feature
! who
! date
! review comments
|-
|-
|[[Security/Reviews/Firefox4/SMIL_Security_Review|SVG Animation (SMIL)]] ||dholbert || ||
| [[Security/Reviews/Firefox4/AudioAPI Security Review|Audio API]]  
| David Humphrey
| 2011-02-02
| [[Security/Reviews/Firefox4/AudioAPI Security Review#Review_comments|comments]]
|-
|-
|[[Security/Reviews/Firefox4/SVG_in_CSS_Security_Review|SVG in CSS Background]] ||dholbert || ||
| [[Security/Reviews/Firefox4/Jaegermonkey Security Review|Jägermonkey]]  
| sayre
| 2010-12-16
|  
|-
|-
|[[Security/Reviews/Firefox4/SVG_as_IMG_Security_Review|SVG as IMG]] ||dholbert || ||
| [[Security/Reviews/Firefox4/harfbuzz Security Review|harfbuzz]]  
| jdagget/jkew
| 2010-12-?
|  
|-
|-
|[[Security/Reviews/Firefox4/TabModal_Dialogs_Security_Review|Tab Modal dialogs]] ||dolske || ||
| [[Security/Reviews/Firefox4/HTML5 Parser Security Review|HTML5 Parser]]  
| hsivonen
| 2010-10-27
| [[Security/Reviews/Firefox4/HTML5 Parser Security Review#Review_comments|comments]]
|-
|-
|[[Security/Reviews/Firefox4/TouchEvents_Security_Review|Touch Events]] ||felipe || ||
| [[Security/Reviews/Firefox4/Desktop Notifications Security Review|Desktop Notifications]]  
| dougt
| 2010-10-18
| [[Security/Reviews/Firefox4/Desktop Notifications Security Review#Review_comments|comments]]
|-
|-
|[[Security/Reviews/Firefox4/TLS_FalseStart_Security_Review|TLS False Start]] || || ||
| [[Security/Reviews/Firefox4/IndexedDB Security Review|IndexedDB]]  
| bent
| 2010-09-30
| [[Security/Reviews/Firefox4/IndexedDB Security Review#Review_comments|comments]]
|-
|-
|[[Security/Reviews/Firefox4/WebGL_Security_Review|WebGL]] ||vlad || ||
| [[Security/Reviews/Firefox4/mozGetAsFile Security Review|canvas.mozGetAsFile]]  
| khuey
| 2010-09-29
|  
|-
|-
|[[Security/Reviews/Firefox4/WebM_Security_Review|WebM]] ||roc? || ||
| [[Security/Reviews/Firefox4/FileAPI Security Review|File API changes]]  
| sicking
| 2010-09-29
|  
|-
|-
|[[Security/Reviews/Firefox4/WebM3D_Security_Review|WebM 3D]] ||Matthew Gregan || ||
| [[Security/Reviews/Firefox4/FormData Security Review|FormData]]  
| sicking
| 2010-09-29
|  
|-
|-
|[[Security/Reviews/Firefox4/WebSocket_Security_Review|Web Sockets]] ||Fernando? || ||
| [[Security/Reviews/Firefox4/HTML5 Forms Security Review|HTML5 Forms]]  
| Mounir
| 2010-09-29
| [[Security/Reviews/Firefox4/HTML5 Forms Security Review#Review_comments|comments]]
|-
|-
|[[Security/Reviews/Firefox4/XHR.mozResponseArrayBuffer_Security_Review|XHR.mozResponseArrayBuffer]] ||vlad || ||
| Cookie changes
| dwitte
| 2010-09-22
| [[Security/Reviews/Firefox4/Cookie Security Review|comments]]
|-
|-
| [[Firefox3.1/SMIL Security Review|SVG Animation (SMIL)]]
| dholbert
| 2008-09-03
| [[Firefox3.1/SMIL Security Review#Review_comments|comments]]
|-
| [[Firefox 3.6/PushState Security Review|History pushState/replaceState]]
| jlebar
| see 3.6 rev
|
|}
|}


=== Front End ===
=== Front End ===
 
{| border="1"
{| border="1"
! feature || who || review date || interested
|-
|New Theme (code/bindings) ||gavin || ||
|-
|Auth door-hangers ||dolske || || dao
|-
|Web console || kdangoor || ||
|-
|Jetpack modules||dietrich || ||
|-
|App Tabs ||zpao || || dao
|-
|New Start Page ||mak || ||
|-
|-
|Post-update actions ||rs || ||
! feature
! who
! date
! review comments
|-
|-
|Update billboard changes ||rs || ||
| [[Security/Reviews/Firefox4/App Tabs Security Review|App Tabs]]
| zpao
| Jan 19, 2011 [https://bugzilla.mozilla.org/show_bug.cgi?id=625861 tracking bug]
| dao, faaborg
|-
|-
|Download mgr improvements/MIME type defaults ||limi || ||
| [[Security/Reviews/Firefox4/Doorhanger Security Review|Doorhanger notifications]]
| gavin
| Jan 19, 2011
| faaborg, bsmith
|-
|-
|Port satchel to js ||dolske || ||
| [[Security/Reviews/Firefox4/about:addons Security Review|about:addons]]
| mossop
| 2010-12-15
| <br>
|-
|-
|Tab Panorama ||aza || ||
| [[Security/Reviews/Firefox4/AddonUI Security Review|Add-on UI]]
| dietrich
| 2010-12-16
| [[Security/Reviews/Firefox4/AddonUI_Security_Review#Review_comments|comments]]
|-
|-
|Add-on UI ||dietrich || ||
| [[Security/Reviews/Firefox4/Jetpack Modules Security Review|Jetpack modules]]
| dietrich  
| 2010-12-16
| [[Security/Reviews/Firefox4/Jetpack_Modules_Security_Review#Review_comments|comments]]
|-
|-
|Places API redesign ||marco || ||
| [[Security/Reviews/Firefox4/about:home Security Review|New Start Page]]
| mak
| 2010-12-15
|
|-
|-
|about:addons ||mossop || ||
| [[Security/Reviews/Firefox4/Sync Security Review|Sync]]
|
| internal and external reviews
| faaborg, bsmith
|-
|-
|Doorhanger notifications ||gavin || ||
| [[Security/Reviews/Firefox4/Web Console Security Review|Web console]]
| kdangoor
| 2010-10-05
| [[Security/Reviews/Firefox4/Web Console Security Review#Review_comments|comments]]
|-
|-
|Sync || || ||
| [[Security/Reviews/Firefox4/Update Billboard Security Review|Update billboard changes]]
| rs
| 2011-01-24
| {{Bug|628428}}
|-
|-
| || || ||
| [[Firefox/Projects/Action_based_on_update_xml_after_app_update|Update: Post-update actions]]
| rs
| 2011-01-24
| <br>
|-
|-
| || || ||
| [[Security/Reviews/Firefox4/New Theme Security Review|New Theme (code/bindings)]]
| gavin
| Jan 19, 2011
| <br>
|-
|-
|}
| [[Security/Reviews/Firefox4/Satchel-JS Security Review|Port satchel to js]]
</onlyinclude>
| dolske
 
| <br>
== Completed Reviews ==
| <br>
Please add a link to the review comments in the appropriate column. There is a section in the template that can be used for this, but it's fine to have the comments in a separate document as long as it's linked to here.
 
=== Platform ===
{| border="1"
! feature || review date || who || review comments
|-
|-
| || || ||
| [[Security/Reviews/Firefox4/Cascade Session Restore Security Review|Cascade Session Restore]]
| zpao
| Jan 19, 2011 [https://bugzilla.mozilla.org/show_bug.cgi?id=625866 tracking bug]
| <br>
|-
|-
|}
| [[Security/Reviews/Firefox4/Deferred Session Restore Security Review|Deferred Session Restore]]
 
| zpao
=== Firefox ===
| [https://bugzilla.mozilla.org/show_bug.cgi?id=625866 tracking bug]
{| border="1"
| <br>
! feature || review date || who || review comments
|-
|-
| || || ||
| [[Security/Reviews/Firefox4/Tab Panorama Security Review|Tab Panorama]]
| aza
| Jan 19, 2011 [https://bugzilla.mozilla.org/show_bug.cgi?id=625217 tracking bug]
|  
|-
|-
|}
|}

Latest revision as of 18:17, 2 March 2011

Pending Reviews

Please complete the minimal Security Review Template for your feature before scheduling your review. For small features or changes we will likely group several together into one session or handle it one-on-one. For larger topics we should schedule them for a longer timeslot. Please add that time in the date column (use Mountain View time (Pacific)).

The "who" is responsible for filling out the review template and scheduling the review. Please email security at mozilla dot org when reviews are scheduled and if times change. Please also email any other folks in the "interested" column. If not immediately after a Platform meeting, dial in will be 650-903-0800 x92 Conf# 215 (US/INTL). Default IRC backchannel is #planning.

Features that get cut from Firefox 4 should be moved to the Firefox4.next page rather than simply deleted.


Platform

All times are Mountain View local time (Pacific)

feature who review date interested References
CSS calc(), CSS transitions, and CSS :-moz-any() dbaron

-moz-calc()transitions -moz-any()
CSS -moz-element/document.mozSetImageElement mstange

spec
CSS -moz-font-feature-opentype jdagget/jkew

W3C Proposal spec
JS animation scheduling bzbarsky

spec
JS-ctypes dwitte
bsmith spec
JS ES5 jwalden?

draft bug 520696
JS Proxies gal?

nsISupports proxies
JS Compartments mrbkap

SpiderMonkey Internals: Thread Safety
JS/WebGL byte arrays vlad
bsmith
Media Buffer API 


bug 462957, bug 570904 spec
New DPI System? roc


SVG as IMG/background dholbert


Tab Modal dialogs dolske
bsmith spec
Touch Events felipe

spec
Video driver blocklisting Joe Drew \o/


WebGL vlad

Spec
ANGLE vlad

spec
WebM roc?

video audio
WebM 3D Matthew Gregan


XHR.mozResponseArrayBuffer vlad
bsmith spec

Front End

feature who review date interested

Completed Reviews

Please add a link to the review comments in the appropriate column. There is a section in the template that can be used for this, but it's fine to have the comments in a separate document as long as it's linked to here.

Platform

feature who date review comments
Audio API David Humphrey 2011-02-02 comments
Jägermonkey sayre 2010-12-16
harfbuzz jdagget/jkew 2010-12-?
HTML5 Parser hsivonen 2010-10-27 comments
Desktop Notifications dougt 2010-10-18 comments
IndexedDB bent 2010-09-30 comments
canvas.mozGetAsFile khuey 2010-09-29
File API changes sicking 2010-09-29
FormData sicking 2010-09-29
HTML5 Forms Mounir 2010-09-29 comments
Cookie changes dwitte 2010-09-22 comments
SVG Animation (SMIL) dholbert 2008-09-03 comments
History pushState/replaceState jlebar see 3.6 rev

Front End

feature who date review comments
App Tabs zpao Jan 19, 2011 tracking bug dao, faaborg
Doorhanger notifications gavin Jan 19, 2011 faaborg, bsmith
about:addons mossop 2010-12-15
Add-on UI dietrich 2010-12-16 comments
Jetpack modules dietrich 2010-12-16 comments
New Start Page mak 2010-12-15
Sync internal and external reviews faaborg, bsmith
Web console kdangoor 2010-10-05 comments
Update billboard changes rs 2011-01-24 bug 628428
Update: Post-update actions rs 2011-01-24
New Theme (code/bindings) gavin Jan 19, 2011
Port satchel to js dolske

Cascade Session Restore zpao Jan 19, 2011 tracking bug
Deferred Session Restore zpao tracking bug
Tab Panorama aza Jan 19, 2011 tracking bug
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Reviews/Firefox4&oldid=288108"