On 6/17/14, 10:08 AM, Vivien Nicolas wrote:
That's true. Actually there are many other hacks that depends on the
fact that application are certified. So even if I would like to have
more apps as privileged apps just for the principle, it's not that
simple. And we may need to reconsider the |privileged| status of the
email app based on some of the use case on some low end devices for now.
So one of the only reason the email app has been made |privileged| is
for some CSP compliance things, and because it does not needs APIs
that are certified-only. But we may need to keep it certified for perf
reasons if needed. It will depends on the impact of icon font there.
I appreciate there are always tradeoffs, but I also want to caution
against just proceeding because there is an escape value via certified.
We have a train model, and if it takes another train to avoid
certified-only, all apps benefit. It is already disconcerting that just
switching the type value in the manifest from certified to privileged,
we see a 20ms slowdown[1].
The greater concern is these certified escapes build up, and then taking
the time to undo them later eats into the next certified escape that is
wanted, so the gap will continue to grow. A good way to start fighting
the issue is to stop adding to the pile.
On icon fonts, it would be good to make sure there implemented with
accessibility in mind. This document[1] talks about that, and mentions a
Firefox bug[2] about aria-hidden that may need some attention if icon
fonts are used in buttons.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1024005
[2] http://filamentgroup.com/lab/bulletproof_icon_fonts.html
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=948540
James
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
