date:20190113

[desktop] Bugs logged by Desktop Release QA in the last 7 days

2019-01-13 Thread Mihai Boldan


Hello,

Here's the list of new issues found and filed by the Desktop Release QA 
team last two weeks.
Additional details on the team's priorities last week, as well as the 
plans for the current week are available at: https://tinyurl.com/yb6h28ba

Bugs logged by Desktop Release QA in the last 7 days:

Firefox: Tours
NEW - https://bugzil.la/1518419 - Content blocking causes list elements 
form [Go back/forward one page] context menu to flicker on hover


Firefox: Toolbars and Customization
NEW - https://bugzil.la/1518500 - The 'Flexible Space' item disappears 
from the customization pallette after adding it to the right side of the 
bookmark toolbar


Firefox: Bookmarks & History
NEW - https://bugzil.la/1518518 - Bookmark position mark misplaced when 
moving bookmarks in bookmark toolbar


Firefox: Bookmarks & History
NEW - https://bugzil.la/1518529 - Bookmarks saved for non-secure sites 
(http) don't show for secure (https) sites


Firefox: Security
NEW - https://bugzil.la/1519095 - Wrong pop-up message is displayed when 
running while(true) {window.open(...);}


Firefox: Tracking Protection
VERIFIED FIXED - https://bugzil.la/1519137 - [Content Blocking] Cookies' 
labels are no longer displayed in the Control center after a 
restart/opening and closing the browser


Core: Layout: Scrolling and Overflow
NEW - https://bugzil.la/1518781 - [twitch] The edit button for comments 
is hard to click because it's covered by the scrollbar, if your OS uses 
overlay scrollbars (and your browser lacks ::-webkit-scrollbar support)


Core: Security: PSM
NEW - https://bugzil.la/1518786 - Add Security Exception window sizing 
issues


Core: Document Navigation
NEW - https://bugzil.la/1518788 - The Back button is active in a newly 
opened tab if the tab is opened by default


Core: Audio/Video: Playback
NEW - https://bugzil.la/1519317 - Shaka Player demo shows 
MEDIA.VIDEO_ERROR on loop enabled


Core: DOM: Animation
NEW - https://bugzil.la/1518816 - Flicker when transitioning on Tumblr 
landing page


Toolkit: Performance Monitoring
NEW - https://bugzil.la/1518790 - [Win] Worker and tracker icons are not 
displayed in about performance while in High Contrast themes


Toolkit: Performance Monitoring
NEW - https://bugzil.la/1519108 - Closed tabs will not disappear 
immediately from about:performance list


DevTools: about:debugging
NEW - https://bugzil.la/1518095 - Swapping between about:newtab and 
about:debugging kills devTools


DevTools: CSS Rules Inspector
NEW - https://bugzil.la/1518135 - DevTools rules scrolls on settings toggle

DevTools: Inspector
NEW - https://bugzil.la/1518147 - [Track changes] - The changes are not 
properly picked up for html:not(.style-scope) inline selectors


DevTools: Inspector
NEW - https://bugzil.la/1518187 - [Tack changes] - disabling and editing 
a property is tracked for each action instead of last one only


DevTools: General
NEW - https://bugzil.la/1518485 - Sub-Section headers for 3pane 
inspector and Network sections are not marked as active when tab-focused


DevTools: CSS Rules Inspector
NEW - https://bugzil.la/1518831 - Some declarations are removed if their 
property names are invalid


DevTools: General
NEW - https://bugzil.la/1519087 - [Ubuntu] - DevTools Settings cannot be 
cancelled if searchbox is active


DevTools: Inspector
NEW - https://bugzil.la/1519132 - [Track changes] - Declaration values 
containing quotes are not properly picked up by the changes tab


DevTools: Inspector
NEW - https://bugzil.la/1519383 - [Track changes] Changing values for 
multiple properties in different iframes not reflected in changes tab 
for all


Tech Evangelism: Desktop
NEW - https://bugzil.la/1518825 - Scroll bar obstructs the Bing map when 
the traffic view is selected


This is available as a Bugzilla bug list as well: 
https://tinyurl.com/ybctglnh

Regards,
Mihai Boldan
QC Engineer
Softvision

The content of this communication is classified as Softvision 
Confidential and Proprietary Information.


___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to implement: report-to header as part of Reporting API

2019-01-13 Thread Andrea Marchesini

>
>
> Sorry for my laziness not having scanned through the links below to find
> the answer to this question, but how does this interact with the
> same-origin policy, if at all?  And if it does, is enabling it in sandbox
> iframes without the allow-same-origin token the right thing to do?
>

It's possible to have cross-origin endpoints. And yes, we should not send
report in such sandboxed iframes. I'll file a spec issue if there is not
one yet.

I assume it is possible for foo.example to use this API to send a report to
> thirdparty.example (let's imagine thirdparty.example isn't on the
> Disconnect tracking proptection list.)  What data is leaked to
> thirdparty.example as part of those reports?  Do we send
> credentials/referrer?
>

A report contains the origin and the credentials, plus the body of course.
This doesn't seem different than a .

In general, I agree with your concern, and I would like more people to take
a close look at how Reporting API can be abused. As I said,
ReportingObserver seems fine. Report-to needs a better integration with
url-classifier and content blocking before being shipped.
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

[desktop] Bugs logged by Desktop Release QA in the last 7 days

Re: Intent to implement: report-to header as part of Reporting API

2 matches

Site Navigation

Mail list logo

Footer information