On 8/26/13 2:04 AM, Frederik Braun wrote:
I'd love the health-report web page to suggest remediations for
performance-sucking issues. But I'm afraid of allowing remote content
(albeit 'secured' using HTTPS) to actually trigger this behaviour.
I'm much more confident in the pattern that the code stays in the
browser in contrast to being highly volatile.
A one-shot "optimize performance" button that calls a list of hard-coded
procedures (e.g. disable_known_performance_killers(),
reset_experimental_settings_that_are_for_power_users_only(), ...) would
be pretty cool though :)
Even if more automation is desired, I'd go for the in-browser solution.
Are there any more opinions on this topic?
I understand that if I present the question as "should we do X or Y" and
Y is more "secure," people on this forum will say "do Y." Since this
feature is near and dear to the hearts of many, perhaps I should be
asking "what will it take to make it pass security review?" If that
answer is "nothing," then that's the answer. I'd like to think there is
some wiggle room here.
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
