Re: What is the future of XMLHttpRequest.mozAnon ?

2018-09-14 Thread Frederik Braun
On 14.09.2018 10:08, john.bieling--- via dev-platform wrote: >... mozAnon XHR has advantages in other features over fetch(). Isn't this the same as supplying the crossOrigin:anonymous option to fetch()? ___ dev-platform mailing list

Re: Intent to Implement: Storage Access API

2018-09-10 Thread Frederik Braun
On 09.09.2018 11:05, Mike O'Neill wrote: >> >> We don’t necessarily believe that a model where the user is asked whether >> they consent to sharing their data with third-party trackers is ideal, >> because explaining the implications of the data sharing is very hard, and >> there are many

Re: Intent to implement and ship: Blocking FTP subresources

2018-04-10 Thread Frederik Braun
On 09.04.2018 15:13, Tom Schuster wrote: > Summary: All FTP subresources in HTTPs pages (this also includes blob: > etc) will be blocked. Opening FTP links as toplevel documents is still > possible. > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1404744 > > Platform coverage: All >

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

2018-03-20 Thread Frederik Braun
On 20.03.2018 04:33, Dave Townsend wrote: > The DoH service > we're using is likely more private than anything the user is currently > using. This is only true for some parts of the world. I'd like us not to regress for our user base globally here.

Re: PSA: HTML injection in chrome documents is now automatically sanitized

2018-02-09 Thread Frederik Braun
My bad! This is certainly a bug in the linter. The fix is underway. On 09.02.2018 12:35, Gijs Kruitbosch wrote: > Sorry about the waste of time. :-( > > Re: difficulty: it depends on your measure of 'very'. Internally the > sanitization is whitelist-based. It is used in many places (not just for

Re: PSA: HTML injection in chrome documents is now automatically sanitized

2018-02-02 Thread Frederik Braun
Now would be a great time to file good first bugs. New contributors could rewrite innerHTML and friends into code that uses safer alternatives. On 02.02.2018 08:13, Kris Maglione wrote: > As of bug 1432966, any HTML injected into chrome-privileged documents[1] > is automatically sanitized to

Re: Intent to unship: navigator.registerContentHandler()

2018-01-04 Thread Frederik Braun
On 04.01.2018 04:46, Karl Dubost wrote: > Jonathan, > > Le 4 janv. 2018 à 00:15, Jonathan Kingston a écrit : >> Firefox has an implementation that only can be used to allow a web page to >> handle RSS feeds. > > in Firefox 8, the feeds panel was removed from Firefox. It

Re: Intent to unship: SMIL accessKey support

2017-12-05 Thread Frederik Braun
Excellent! I won't miss it :) On 05.12.2017 08:25, Brian Birtles wrote: > Background: SMIL includes a feature for triggering animations based on > keypresses: > > e.g. > > > > > > Proposal: In bug 1423098 I intend to remove this feature. > > Rationale: > > * Apart from

Re: Intent to implement and ship: CSP exemptions for content injected by privileged callers

2017-10-05 Thread Frederik Braun
On 02.10.2017 18:43, Anne van Kesteren wrote: > On Mon, Oct 2, 2017 at 6:09 PM, Boris Zbarsky wrote: >> On 10/2/17 12:03 PM, Daniel Veditz wrote: >>> Fair enough. Could we propose improvements to the APIs that would make >>> them more usable? For example an object argument to

Re: Intent to implement and ship: CSP exemptions for content injected by privileged callers

2017-10-05 Thread Frederik Braun
On 02.10.2017 18:03, Daniel Veditz wrote: > Fair enough. Could we propose improvements to the APIs that would make > them more usable? For example an object argument to createElement() that > contained attribute/value pairs? > > var div = document.createElement("div", null, {"id":"foo", >

Re: Phabricator and confidential reviews

2017-08-10 Thread Frederik Braun
Having both reported, fixed and reviewed security bugs, I feel a uni-directional sync from Phabricator to BMO is not going to cut it. I think it will be unexpected for most users and might just lead to additional "why can I not see the patch" bug comments. I understand that it's more work, but I

Re: Intent to remove: sensor APIs

2017-08-02 Thread Frederik Braun
As mentioned in thread, we will not disable deviceorientation. Please see below. On 02.08.2017 15:01, Salvador de la Puente wrote: > I strongly encourage you to take a look at the telemetry stats regarding > the usage of deviceorientation API and other. I don't know the penetration > of proximity

Re: git mirror

2017-07-24 Thread Frederik Braun
You could also look at git-cinnabar. It's a git helper that allows you to talk to HG remotes developed by Glandium, a Mozilla hacker. See for more Hope this helps, Freddy P.S: If you only want to look

Re: More Rust code

2017-07-18 Thread Frederik Braun
On 18.07.2017 06:01, Jim Blandy wrote: > BTW, speaking of training: Jason's and my book, "Programming Rust" will be > available on paper from O'Reilly on August 29th! Steve Klabnik's book with > No Starch Press is coming out soon as well, but I don't know the details > there. > Steve's book is

Re: More Rust code

2017-07-10 Thread Frederik Braun
On 10.07.2017 12:29, Nicholas Nethercote wrote: > > What are the obstacles? Here are some that I've heard. > > - Lack of Rust expertise for both writing and reviewing code. We have some > pockets of expertise, but these need to be expanded greatly. I've heard > that there has been some Rust

Re: Enabling filesystem read-restrictions for content process sandbox

2017-07-06 Thread Frederik Braun
Hooray, this is great news! On 06.07.2017 16:07, Alex Gaynor wrote: > Hi dev-platform, > > On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm > delighted > to announce that starting later this week, our macOS and Windows nightly > builds > will prohibit read access to most of

Re: Ambient Light Sensor API

2017-04-28 Thread Frederik Braun
On 28.04.2017 05:56, Ehsan Akhgari wrote: > On 04/27/2017 08:09 AM, Frederik Braun wrote: >> On 27.04.2017 13:56, smaug wrote: >>> On 04/25/2017 04:38 PM, Ehsan Akhgari wrote: >>>> On 04/24/2017 06:04 PM, Martin Thomson wrote: >>>>> I think that 60

Re: Ambient Light Sensor API

2017-04-27 Thread Frederik Braun
at 2:41 PM, Jonathan Kingston <j...@mozilla.com> >>>> wrote: >>>> >>>>> As mentioned a permission prompt isn't great. >>>>> >>>>> In its current state it should probably be considered a "powerful >>>>>

Re: Ambient Light Sensor API

2017-04-24 Thread Frederik Braun
ted this to secure contexts? On 24.04.2017 15:24, Frederik Braun wrote: > Hi, > > there is a relatively recent blog post [1] by Lukasz Olejnik and Artur > Janc that explains how one can steal sensitive data using the Ambient > Light Sensor API [2]. > > We ship API and its

Ambient Light Sensor API

2017-04-24 Thread Frederik Braun
Hi, there is a relatively recent blog post [1] by Lukasz Olejnik and Artur Janc that explains how one can steal sensitive data using the Ambient Light Sensor API [2]. We ship API and it's enabled by default [3,4] and it seems we have no telemetry for this feature. Unshipping for non-secure

Re: Better download security through browsers

2017-03-28 Thread Frederik Braun
On 27.03.2017 16:21, Daniel Veditz wrote: > On Mon, Mar 27, 2017 at 1:22 AM, Frederik Braun <fbr...@mozilla.com> wrote: > > UI hooks, for the SafeBrowsing malicious file checks, where we really,

Re: Better download security through browsers

2017-03-27 Thread Frederik Braun
On 24.03.2017 18:24, Mike Hoye wrote: > My 2006 proposal didn't get any traction either. > > https://lists.w3.org/Archives/Public/public-whatwg-archive/2006Jan/0270.html > > > FWIW I still think it'd be a good idea with the right UI. I think we already have _related_ UI hooks, for the

Re: Please do NOT hand-edit web platform test MANIFEST.json files

2017-03-23 Thread Frederik Braun
> Fun fact: lots of JSON documents also evaluate as Python data structures. > So if you prepend "foo = " and throw that into eval(), you can > magically evaluate a JSON document into a Python variable. Of course, > eval() is a security concern. But people blindly execute code in > mozilla-central

Re: The future of commit access policy for core Firefox

2017-03-13 Thread Frederik Braun
On 12.03.2017 04:08, Cameron Kaiser wrote: > On 3/10/17 4:38 AM, Masatoshi Kimura wrote: >> On 2017/03/10 6:53, Mike Connor wrote: >>> - Two-factor auth must be a requirement for all users approving or >>> pushing a change. >> >> I have no mobile devices. How can I use 2FA? >> >>

Re: Is there a way to improve partial compilation times?

2017-03-08 Thread Frederik Braun
Gotcha. Problem for the Berlin office: There are only 3 people who have a desktop and run linux. Two of them are part of our "cluster" :)

Re: Is there a way to improve partial compilation times?

2017-03-08 Thread Frederik Braun
On 08.03.2017 01:17, Ralph Giles wrote: > I second Jeff's point about building with icecream[1]. If you work in > an office with a build farm, or near a fast desktop machine you can > pass jobs to, this makes laptop builds much more tolerable. > What do you mean by build farm? Do some offices

Re: Intent to implement and ship: only allow Flash on HTTP/HTTPS sites

2017-02-10 Thread Frederik Braun
On 10.02.2017 01:09, Xidorn Quan wrote: > On Fri, Feb 10, 2017, at 04:29 AM, Benjamin Smedberg wrote: >> Will this also prevent loading downloaded .swf files into Firefox? This >> is >>> useful for running Flash games, which tend to work best in the browser >>> (some media players also support

Re: What are your use cases for the Touch Bar on the new MacBook Pro?

2017-01-06 Thread Frederik Braun
Tab Preview that allows quick scrolling Open New Tab (+ Icon) When already in a new tab: Quick access to most visited websites (like the tiles) On 03.01.2017 18:17, Stephen A Pohl wrote: > We are gathering ideas for possible use cases of the Touch Bar on the > new MacBookPro and would like to

Re: Who loves multiple selection feature in editor?

2016-12-19 Thread Frederik Braun
On 19.12.2016 17:19, glazou wrote: > Le jeudi 15 décembre 2016 10:47:28 UTC+1, masayuki nakano a écrit : > >> So, it might be better to stop supporting multiple selection only in >> editor if the feature is not so loved by users. > > We were already discussing this issue at Netscape 15 years

Re: HTML spec changes about data: URIs and origins

2016-09-13 Thread Frederik Braun
On Tue, Sep 13, 2016 at 5:02 PM, Boris Zbarsky <bzbar...@mit.edu> wrote: > On 9/13/16 8:31 AM, Frederik Braun wrote: >> I'd be happy to add a telemetry probe > > > For what, exactly? What do you propose to measure? > First of all, just to see how much br

HTML spec changes about data: URIs and origins

2016-09-13 Thread Frederik Braun
Firefox treats iframes pointing to a data URL as same-origin. This is all well-known, was part of the HTML spec and has been discussed before [1,2] What has changed now is the HTML spec text[3]: Given that EdgeHTML, Webkit and Blink violated this requirement, the standard now turned around and

Re: Intent to remove:

2016-04-27 Thread Frederik Braun
Strong agreement for removing . Looking at , it seems that Blink was successful in discouraging its use.

Re: Spidernode/JXCore

2016-04-14 Thread Frederik Braun
There are indeed discussions in nodejs to become more vm agnostic. This was also hinted at in https://github.com/mozilla/spidernode/issues/3 On Thu, Apr 14, 2016 at 6:08 PM, Steve Fink wrote: > On 04/14/2016 06:21 AM, Philip Chee wrote: >> >> On 12/04/2016 19:27, Henri Sivonen

Re: Proposed W3C Charter: TV Control Working Group

2016-03-10 Thread Frederik Braun
On 10.03.2016 08:53, L. David Baron wrote: > On Tuesday 2016-03-01 09:32 +0800, L. David Baron wrote: >> The W3C is proposing a charter for: >> >> TV Control Working Group >> https://www.w3.org/2016/02/tvcontrol.html >> https://lists.w3.org/Archives/Public/public-new-work/2016Feb/0005.html

Re: When the beta version of firefox with e10s would be released?

2015-12-03 Thread Frederik Braun
On 03.12.2015 12:55, Yonggang Luo wrote: > On Thursday, December 3, 2015 at 4:57:28 PM UTC+8, Dave Townsend wrote: >> The developer edition already ships with e10s so you can test against that. > Indeed, I am looking for more stable version I have been using Developer Edition (aurora) for many years now and

Re: Intent to implement and ship: FIDO U2F API

2015-12-02 Thread Frederik Braun
On 02.12.2015 18:53, Robert O'Callahan wrote: > On Wed, Dec 2, 2015 at 9:37 AM, Eric Rescorla wrote: > >> Are you thinking of something like WebUSB? >> (https://reillyeon.github.io/webusb/)? This is something we've looked at >> a bit but we're still trying to wrap our heads around

Re: ESLint is now available in the entire tree

2015-11-30 Thread Frederik Braun
On 30.11.2015 10:29, Patrick Brosset wrote: > I don't know how much work is involved with getting rid of non-standard > spidermonkey syntax and pre-processors, but if it's a lot, then one option > would be to fork the espree parser (used by eslint), make it support those, > and configure eslint to use

Re: Dan Stillman's concerns about Extension Signing

2015-11-27 Thread Frederik Braun
On 27.11.2015 13:16, Gervase Markham wrote: > On 26/11/15 17:13, Mike Hoye wrote: >> Stillman wrote some new code and put it through a process meant to catch >> problems in old code, and it passed. That's unfortunate, but does it >> really surprise anyone that security is an evolving process? That

Re: TIFU by using Math.random()

2015-11-25 Thread Frederik Braun
On 25.11.2015 12:42, Philip Chee wrote: > > > Hopefully Spidermonkey's Math.random() is better. > > Phil > There have been multiple insightful responses on HN and reddit/netsec. The short version is, that

Re: Intent to implement: CSS Mask Image properties

2015-11-10 Thread Frederik Braun
This reads like it could pose similar problems to those we've had with SVG Filters, i.e., repaint timing and history sniffing. https://bugzilla.mozilla.org/show_bug.cgi?id=711043 Who would be a good person to verify / analyze this? On 10.11.2015 08:09, Ku(顧思捷)CJ wrote: > *Summary*: > Intend

Re: Fido U2F, two-factor authentication support

2015-11-05 Thread Frederik Braun
There is an experimental add-on being worked on that tries to bring U2F support to Firefox. The source code is at , but it has not yet gone through the Add-on review process. Btw, the most important thing about

Re: [feature] open certain domains into a private window

2015-06-24 Thread Frederik Braun
On 24.06.2015 10:09, Karl Dubost wrote: Le 23 juin 2015 à 20:57, Andreas Tolfsen a...@mozilla.com a écrit : Is it an option to register two browser handlers in the operating system for Firefox? nope. Because only Firefox knows based on your preferences which domains you always want in

Modifying Element.prototype for all globals

2015-06-18 Thread Frederik Braun
Hi, I am planning to do a little analysis of FxOS Gaia to identify instances of innerHTML assignments at runtime[1]. I am hoping this gives me a more precise number about hot paths (in contrast to just looking at the source code). In an ideal world I would write a script along the lines of

Re: Modifying Element.prototype for all globals

2015-06-18 Thread Frederik Braun
On 18/06/2015 13:37, Frederik Braun wrote: Hi, I am planning to do a little analysis of FxOS Gaia to identify instances of innerHTML assignments at runtime[1]. I am hoping this gives me a more precise number about hot paths (in contrast to just looking at the source code). In an ideal world I

Re: Modifying Element.prototype for all globals

2015-06-18 Thread Frederik Braun
On 18.06.2015 15:51, smaug wrote: On 06/18/2015 03:37 PM, Frederik Braun wrote: Hi, I am planning to do a little analysis of FxOS Gaia to identify instances of innerHTML assignments at runtime[1]. I am hoping this gives me a more precise number about hot paths (in contrast to just looking

Re: Browser API: iframe.executeScript()

2015-06-17 Thread Frederik Braun
On 16.06.2015 21:41, Paul Rouget wrote: On Tue, Jun 16, 2015 at 9:33 PM, Bobby Holley bobbyhol...@gmail.com wrote: On Tue, Jun 16, 2015 at 12:28 PM, Paul Rouget p...@mozilla.com wrote: The goal is to build a browser in HTML. Not to run a browser in current Firefox Desktop or in Chrome. Ok.

Re: AdBlock Plus as a ServiceWorker?

2015-05-08 Thread Frederik Braun
I thought that the APIs we brought into Firefox by implementing Tracking Protection were supposed to provide a better (canonical?) way to hook your own blocker into Firefox.

Re: Intent to implement: Metrics API for FxOS data collection

2015-05-04 Thread Frederik Braun
This is going to be a certified API, right? On 01.05.2015 23:43, Tamara Hills wrote: Hi All, Summary: We want to expose a Web API to Gaia to collect metrics for FxOS. This API would leverage the existing Gecko toolkit/components/telemetry capabilities to provide histograms to Telemetry

Re: New Developer Tools Feature: prettifying JSON

2015-04-16 Thread Frederik Braun
On 16.04.2015 11:04, Jan Odvarko wrote: On Thu, Apr 16, 2015 at 10:30 AM, Frederik Braun fbr...@mozilla.com wrote: Running our code in someone else's origin sounds undesired indeed. Not only because of CSP: What if someone puts this in a frame (or a popup

Re: New Developer Tools Feature: prettifying JSON

2015-04-16 Thread Frederik Braun
On 15.04.2015 18:54, Jan Odvarko wrote: … This approach has one security implication, if the page uses default-src 'none' (or other security restrictions?) - injecting JS into it generates warnings: Content Security Policy: The page's settings blocked the loading of a resource at self

Re: Intent to deprecate: Insecure HTTP

2015-04-13 Thread Frederik Braun
On 13.04.2015 20:52, david.a.p.ll...@gmail.com wrote: 2) Protected by subresource integrity from a secure host This would allow website operators to securely serve static assets from non-HTTPS servers without MITM risk, and without breaking transparent caching proxies. Is that a

Re: [meta] Intent to implement and Security Privacy concerns

2015-04-01 Thread Frederik Braun
On 01.04.2015 08:28, Tantek Çelik wrote: One of the suggested additions to intent to implement emails: https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement is a statement regarding Security Privacy concerns, because those have often been noted as brief summary statements

Re: Permission UI

2015-03-03 Thread Frederik Braun
The good news is that most of the complicated bits are already implemented. See about:permissions. Though it operates on hostnames and not origins (bug 1066517).

Re: Memory management in C programs

2015-01-30 Thread Frederik Braun
On 29.01.2015 21:32, ISHIKAWA, Chiaki wrote: On 2015/01/12 22:46, Philip Chee wrote: One large difference between C and most other programming languages is that in C, you have to handle memory yourself rather than having a garbage collector do it for you. Ensuring that memory is allocated at

Re: [b2g] Script Security Talk @ MozLandia

2014-12-03 Thread Frederik Braun
About recording the talk: We will get recording gear from Rainer Cvillink and I'm happy to help capturing the talk, but I am *terribly* inexperienced in doing this. So any kind of help is very much appreciated! I'll be the tall person who shows up early (my picture on the phonebook is quite

Re: Restricting gUM to authenticated origins only

2014-09-12 Thread Frederik Braun
On 11.09.2014 19:04, Anne van Kesteren wrote: On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote: On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl wrote: Are we actually partitioning permissions per top-level browsing context or could they already accomplish this

Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

2014-09-12 Thread Frederik Braun
On 12.09.2014 11:51, Henri Sivonen wrote: On Fri, Sep 12, 2014 at 12:39 PM, Frederik Braun fbr...@mozilla.com wrote: On 11.09.2014 19:04, Anne van Kesteren wrote: On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote: On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl

Re: Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

2014-09-12 Thread Frederik Braun
On 12.09.2014 12:22, Anne van Kesteren wrote: On Fri, Sep 12, 2014 at 11:56 AM, Frederik Braun fbr...@mozilla.com wrote: Yes and no. I identified this while working on a thesis on the Same Origin Policy in 2012 and filed this only for Geolocation in bug https://bugzilla.mozilla.org

Re: Evaluating adding JOSE and JWS to mozilla-central

2014-08-13 Thread Frederik Braun
Well there is https://github.com/mozilla/jwcrypto which does JWS. It is available in privileged JS through jwcrypto.jsm (i.e. resource://gre/modules/identity/jwcrypto.jsm). There's some code usage for these things in the MobileIdentityManager, Webapps and Payments jsms. On 12.08.2014 19:22,

Re: Unimplement: @-moz-document regexp support?

2014-07-09 Thread Frederik Braun
On 09.07.2014 01:41, Ehsan Akhgari wrote: On 2014-07-08, 6:34 PM, L. David Baron wrote: On Monday 2014-07-07 15:18 -0400, Ehsan Akhgari wrote: That seems pretty bad. I think we should at least stop supporting it for Web content. David, what do you think? I'm ok with restricting it to UA

Unimplement: @-moz-document regexp support?

2014-07-07 Thread Frederik Braun
Summary: Attackers can extract secret URL components (e.g. session IDs, oauth tokens) using @-moz-document. Using the regexp support and assuming a CSS injection (no XSS needed!), the attacker can probe the current URL with some regular expressions and send the URL parameters to a third party. A

Re: Are you interested in doing dynamic analysis of JS code?

2014-06-25 Thread Frederik Braun
Thanks for bringing this to dev-platform. Dynamic analysis is something the security teams are particularly interested in. Especially tainting user input is something we could make use of across the project: Existing security efforts for Firefox OS, Firefox Desktop, Firefox Mobile and our

Re: Overriding the CSP for privileged protocols

2014-06-10 Thread Frederik Braun
There's this bug filed about user overrides for CSPs: https://bugzilla.mozilla.org/show_bug.cgi?id=1014545

Link coloring in private browsing (Was: Intent to ship: Hyperlink Auditing (a ping))

2014-05-21 Thread Frederik Braun
On 20.05.2014 23:33, Ehsan Akhgari wrote: On 2014-05-20, 2:25 PM, Jonas Sicking wrote: On Fri, May 16, 2014 at 7:45 AM, Justin Dolske dol...@mozilla.com wrote: However we do implement some additional features in private browsing mode. For example we disable link coloring. I'm not sure what

Re: Enhancing product security with CSP for internal pages

2014-04-15 Thread Frederik Braun
On 15.04.2014 00:43, Neil wrote: Frederik Braun wrote: A few months ago I had the idea to add a Content Security Policy (CSP) to our internal pages, like about:newtab for example. So this just applies to about: pages? Primarily yes. I think some people are already working on other bits

Re: Enhancing product security with CSP for internal pages

2014-04-15 Thread Frederik Braun
On 15.04.2014 22:45, Neil wrote: Frederik Braun wrote: On 15.04.2014 00:43, Neil wrote: Frederik Braun wrote: A few months ago I had the idea to add a Content Security Policy (CSP) to our internal pages, like about:newtab for example. So this just applies to about: pages? Primarily

Enhancing product security with CSP for internal pages

2014-04-14 Thread Frederik Braun
Hi folks, For those who don't know me, I'm a Security Engineer working on Firefox OS (mostly Gaia and Gecko things). I have been pursuing a security goal for quite some time now but haven't yet announced this throughout the project. A few months ago I had the idea to add a Content Security