Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev [and WebSockets in FF6]
On 6/7/2011 5:52 PM, Adam Barth wrote:
On Tue, Jun 7, 2011 at 5:43 PM, Brian Smith bsm...@mozilla.com wrote:
Adam Barth wrote:
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in our WebSockets implementation, so that all WebSockets on a HTTPS page must be wss://. That way, we could avoid making mixed content problems any worse.
Do you have a bug on file for that yet?
If you'd be willing to file a bug at bugs.webkit.org too (and CC me), I can help make sure WebKit and Firefox end up with the same behavior here.
Bugzilla Bug 662692
Chromium Issue 85271
WebKit Issue 62253
I wasn't sure which email address to use to CC you to the Chromium and WebKit bugs.
Thanks!
Adam
Do we have consensus that this is something we want, both internally and externally?
--Chris
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev [and WebSockets in FF6]
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in our WebSockets implementation, so that all WebSockets on a HTTPS page must be wss://. That way, we could avoid making mixed content problems any worse.
Do you have a bug on file for that yet?
--Chris
Re: Content Security Policy feedback
You guys should add Arun + Jonas to this conversation if you can.
--Chris
Re: Browser security in the XO aka OLPC aka $100 laptop
Check with Marco Gritti m...@redhat.com. He's the guy doing all the browser work.
--Chris
On Apr 3, 2008, at 2:06 AM, Xavier Vergés wrote:
Thanks, Boris
I haven't asked them (still don't know where they hang out), but I'm under the impression that they are running plain Xulrunner, using Hulahop, a Gecko embedding widget based on pyxpcom
http://dev.laptop.org/git?p=projects/hulahop;a=tree
Still lots of things to learn...
-Xv
On Apr 3, 12:07 am, Boris Zbarsky bzbar...@mit.edu wrote:
Xavier Vergés wrote:
In the XO Browser, it failed silently doing it from a file: url
The file:// special-casing is hardcoded in nsPrincipal.cpp. So it sounds like the XO browser has some sort of code changes to make this not work. The obvious way to see whether there is some way to enable the prompt is to look at their code. Sadly, it looks like the link from their wiki is broken. You might want to ask the XO folks where you can get the source to their browser.
-Boris
Re: Who is using NSS in their projects?
On 3/3/2010 10:40 AM, Shailendra Jain wrote:
I also heard that Linux is planning to integrate NSS as main security features for Linux. Is that true?
That's true, but I'm not sure how deep it goes.
--Chris