Thanks for making me aware of this security issue. Unfortunately, I don't
know if the issue has been addressed or how it's being prioritized within
the add-ons team. I added a comment referencing our thread (and how mobile
add-on developers might get stuck without a proper replacement) but I don't
have much more to add beyond that.
I think following up with the add-ons, or WebExtensions, team directly (I
don't know how active webextensions-support@ is) would be your best bet at
a more thorough response.
- Mike (:mcomella)
On Sat, Aug 5, 2017 at 2:45 AM, Richard Z <r...@linux-m68k.org> wrote:
> > Again, with little knowledge of the new APIs, here are some potential
> > solutions:
> > - The JS API `window` has a few existing methods to display a dialog:
> > <https://developer.mozilla.org/en-US/docs/Web/API/Window/alert> (dialog
> > with OK button), confirm
> > <https://developer.mozilla.org/en-US/docs/Web/API/Window/confirm>
> > with OK & cancel buttons), and prompt
> > <https://developer.mozilla.org/en-US/docs/Web/API/Window/prompt> (dialog
> > with OK & cancel buttons and an input field). You can run these in the
> > context of the page.
> not flexible enough. So far I have a custom vertical menu with 5 entries
> which could easily become more.
> > - Inject your own custom HTML prompt in the page the user is interacting
> > with – you could model it after the JS prompts or existing Android
> > There are also open source libraries for this (some examples, which I
> > not vetted myself: bootbox <http://bootboxjs.com/> and vex
> > <http://github.hubspot.com/vex/docs/welcome/>).
> Isn't this a security disaster waiting to happen analogous to this:
> Has this been somehow addressed?
> Name and OpenPGP keys available from pgp key servers
mobile-firefox-dev mailing list