Will the addons run in separated processes? If the addons run in the same process of the target app, addons may introduce additional permissions to the content process. For example, an addon may introduce a raw socket permission to the content process if the addon need raw socket API.
If the addons run in separated processes, it introduces the overhead of DOM acessing (of course, we can use page scripts), and eat more memory. Maybe we should start from page scripts, it is much simple than others. Fabrice Desre <[email protected]> writes: > On 07/09/2013 02:15 AM, Gervase Markham wrote: > >> >> And is there a way we can allow people to write (and add and remove) >> add-ons for arbitrary apps? It may be that we have to allow apps to opt >> out of this, and it may be that we decide that users won't understand it >> well enough to make it not a big security hole ("Can I be an addon to >> your banking app, pretty please?") but we should at least consider it, >> because it would be an awesome feature in line with our "hack the >> web"/"user choice" position, and a great differentiator. > > Absolutely, that's the plan. Sorry if this wasn't clear. Apps are "just" > web content, that should be remixable like other web sites. You're right > that we'll need to get the security right there - maybe by using the > same review process we have for privileged apps. > > Fabrice -- Sinker -- 天教懶漫帶疏狂 _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
