ARIA membership and role="password"

2016-06-02 Thread Jonathan Kingston
Hey, So I was just informed that Mozilla isn't a member of the ARIA working group which shocked me, we have however had a hand in the spec over the years (I have cc'd those mentioned). I notice over the years some disappointment with the spec as it being a separate module to

Re: We should drop MathML

2017-02-15 Thread Jonathan Kingston
Hi Phil, I'm going to say this isn't a plan I am aware of (the email you responded to is pretty old and no know progression since then). Various bugs are still being raised about modern MathML support (stylo is a new integration of servo's CSS rendering as part of the quantum project -

Re: Revocation protocol idea

2017-03-22 Thread Jonathan Kingston
threat is considered the result of both potential >> risk and chances of actual misuse. The revocation protocol reduces >> threatening situations by minimising the number of Web properties abusing >> the APIs. >> >> As a side effect, it provides the infrastructure for a

Re: Revocation protocol idea

2017-03-08 Thread Jonathan Kingston
Hey, What would be the advantage of using this over the safesite list? Obviously there would be less broken sites on the web as we would be permitting the site to still be viewed by the user rather than just revoking the permission but are there other advantages? On Sun, Mar 5, 2017 at 4:23 PM,

Re: Ambient Light Sensor API

2017-04-24 Thread Jonathan Kingston
As mentioned a permission prompt isn't great. In it's current state it should probably be considered a "powerful feature" that we can remove just for secure context. Granted this doesn't fix the exploit mentioned here though. Freddy highlighted that the spec itself suggests the Generic Sensor

Re: Ambient Light Sensor API

2017-04-24 Thread Jonathan Kingston
t; : https://www.w3.org/TR/orientation-event/#security-and-privacy We don't do those measures from what I can see. Can we make the webIDL represent this requirement for requiring secure context instead? Thanks Jonathan On Mon, Apr 24, 2017 at 2:41 PM, Jonathan Kingston <j...@mozil

Re: Intent to Remove: Insecure use of WebCrypto

2017-08-13 Thread Jonathan Kingston
Hey Tim, The only questions I have about this our are difference in implementation over Chrome the more we increase the use of [SecureContext] the greater risk we put on compat bugs. Our implementation differs in that we actually abide to the specification on window.opener insecure contexts

Re: Ambient Light Sensor API

2017-04-26 Thread Jonathan Kingston
Auth related images are the attack vector, that and history attacks on same domain. On Tue, Apr 25, 2017 at 11:17 PM, Salvador de la Puente < sdelapue...@mozilla.com> wrote: > Sorry for my ignorance but, in the case of Stealing cross-origin resources, > I don't get the point of the attack. If

Re: Ambient Light Sensor API

2017-04-25 Thread Jonathan Kingston
CSS may implement a 3 state light level for most use cases of this metric, I would suggest that would be much better. According to the removal bug I raised, it looks like the spec has vastly changed anyway: https://bugzilla.mozilla.org/show_bug.cgi?id=1359076#c7 I have a patch ready to measure

Re: Ambient Light Sensor API

2017-04-25 Thread Jonathan Kingston
Those stats aren't the old version of the spec, Google is pushing this constructor version however the old version as mentioned in the issues is event driven. We perhaps remove safely for insecure based on previous comments though. On Tue, Apr 25, 2017 at 4:46 PM, Eric Rescorla

Containers graduation from Test Pilot - we still care about 57+

2017-09-23 Thread Jonathan Kingston
Hi All, TL;DR - containers is going well, we made it a web extension and it will continue on addons.mozilla.org I just wanted to highlight that we have graduated our extension of Test Pilot Containers to be on AMO: https://addons.mozilla.org/en-GB/firefox/ addon/multi-account-containers/ We

Re: Containers graduation from Test Pilot - we still care about 57+

2017-10-04 Thread Jonathan Kingston
Also AMO is accessible to 57 users to download from there instead too :) On Tue, Oct 3, 2017 at 4:09 PM, Andrew McKay wrote: > Just to close the loop on this thread, in 57 this will no longer > disable multi-e10s. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1404098 > >

Intent to ship: Changes to ‘X-Frame-Options: SAMEORIGIN’

2017-11-27 Thread Jonathan Kingston
Currently XFO only enforces same origin checks of the loading frame against the top-level document when the SAMEORIGIN value is set[1][2]. However, XFO does not check the entire ancestor chain before making a decision whether the load should be allowed or blocked. In more detail, a load of: a.com

Intent to ship: Treating object subrequests as mixed active content

2017-11-27 Thread Jonathan Kingston
Currently our mixed content blocker implementation treats object subrequests as mixed passive content. As part of our plan to deprecate insecure connections we are going to block insecure subrequests in flash. Mostly because such subrequests can contain data or functionality which might be

Re: Intent to ship: Treating object subrequests as mixed active content

2017-11-27 Thread Jonathan Kingston
ecure". Thanks Jonathan On Mon, Nov 27, 2017 at 4:33 PM, Alex Gaynor <agay...@mozilla.com> wrote: > How does this behavior compare with other browsers? > > Alex > > On Mon, Nov 27, 2017 at 7:47 AM, Jonathan Kingston <j...@mozilla.com> > wrote: > >> C

Re: W3C Proposed Recommendations: WAI-ARIA and Core Accessibility API Mappings

2017-11-30 Thread Jonathan Kingston
*The changelog might be slightly jumbled.* The only involvement I had was with the password role. I think both lines should be removed from the changelog as they add confusion based on their current placements (it reads as if it was in 1.0 and since removed). *Thoughts* We should ensure ARIA

Re: Intent to ship: Changes to ‘X-Frame-Options: SAMEORIGIN’

2017-11-27 Thread Jonathan Kingston
er websites actually could have content of their own website presented within for example an advert network on the site. Thanks Jonathan On Tue, Nov 28, 2017 at 1:51 AM, Luke Crouch <lcro...@mozilla.com> wrote: > On Monday, November 27, 2017 at 9:32:20 AM UTC-6, Jonathan Kingston wrote: &g

Re: W3C Proposed Recommendations: WAI-ARIA and Core Accessibility API Mappings

2017-12-01 Thread Jonathan Kingston
asking for this feature. My concern is that the spec authors have done exactly this for other parts of ARIA. Thanks Jonathan On Fri, Dec 1, 2017 at 2:37 AM, David Bolter <dbol...@mozilla.com> wrote: > Hi Jonathan, > > On Thu, Nov 30, 2017 at 9:23 PM, Jonathan Kingston <j...@mozil

Intent to remove Ambient Light and Proximity sensor APIs

2017-12-17 Thread Jonathan Kingston
I am suggesting the removal of both Ambient Light and Proximity Sensor APIs via a preference so we can ensure there is no adverse impact to the web with a quick mitigation if needed. If there are no issues with this, I plan to push the code early in the new year to account for the holiday

Re: Intent to remove Ambient Light and Proximity sensor APIs

2017-12-18 Thread Jonathan Kingston
makers to ship them despite their improvements. Thanks On Mon, Dec 18, 2017 at 7:52 AM, Gervase Markham <g...@mozilla.org> wrote: > On 17/12/17 15:29, Jonathan Kingston wrote: > > I am suggesting the removal of both Ambient Light and Proximity Sensor > APIs > > via a preferen

Intent to remove pcast and feed protocols

2017-12-12 Thread Jonathan Kingston
We have a two feed handling protocols that were never standardised and aren't implemented in other browsers. These protocols have been subject to various security bugs and also contribute to some technical debt. The protocols are used to route URLs in Firefox to the feed reader. The feed reader

Re: Still-supported cases of out-of-tree XPCOM code?

2017-11-16 Thread Jonathan Kingston
> Code search wouldn't have helped *this* case, but considering how useful https://dxr.mozilla.org/addons/ has been previously, the notion of there still existing out-of-tree XPCOM callers but them being dark matter code search-wise worries me. This was failing for quite some time, we kept ahead

Re: Any intent to implement the W3C generic sensor API in Firefox?

2017-11-06 Thread Jonathan Kingston
> Does this API avoid the problems described in https://groups.google.com/forum/#!topic/mozilla.dev.platform/45XApRxACaM ? Which specific issues? The API in the specification is promise ready by using the permissions API, is behind a permission prompt and requires a secure context. My

Intent to unship http-equiv cookies

2018-05-10 Thread Jonathan Kingston
Meta tags provide equivalent behaviour to sending HTTP headers via the “http-equiv” attribute. Set-Cookie can be used to provide cookies to the user via this attribute: However this behaviour isn’t restrictable via a Content Security Policy. This gives an attacker the ability to change a users

Re: Intent to Unship: Application Cache over Insecure Contexts

2018-05-10 Thread Jonathan Kingston
thank you! https://github.com/w3c/web-platform-tests/commit/bf17459a71ff4d1ea280bae54dd046ecf86e0628 On Fri, Feb 2, 2018 at 2:58 PM, Jonathan Kingston <j...@mozilla.com> wrote: > This has now landed into central and appears to be sticking: > https://www.fxsitecompat.com/en-CA/docs/

Intent to ship: Element.toggleAttribute

2018-06-27 Thread Jonathan Kingston
Many JavaScript libraries exist to toggle attributes in the DOM. By moving this to the web platform we will simplify the boilerplate developers have to use. This method will behave similar to Element.classList.toggle, this will allow developers to pass an argument of the attribute to toggle:

Re: overly strict eslint rules

2017-12-24 Thread Jonathan Kingston
I'm not sure on the exact rule that was failing. However having failed code reviews that would pass in one part of the codebase can be pretty frustrating. I would rather stylistic errors come from automated tests and such that checking of algos and so on can be focused on in a code review.

Re: Intent to unship: navigator.registerContentHandler()

2018-01-09 Thread Jonathan Kingston
I would like to see the expansion of this feature here, especially for handling more types of content. Chrome has been working on Web Share Target API[1] which somewhat overlaps this behaviour and could be expanded to cope with the use cases here. I actually think web sharing is the answer here,

Re: Device Orientation API future

2018-01-11 Thread Jonathan Kingston
We have three categories of solutions suggested here: - Throttling - An explicit gesture to approve using the API - A prompt We might be able to do some/all of those depending on the situation. Is there anything else I have missed that has been suggested? I honestly would like to request we do

Fwd: Password autofilling

2018-01-08 Thread Jonathan Kingston
enshots above) which works the same with or without this change. Can we move to making signon.autofillForms = false the default on Nightly and Early Beta and see if we have issues? Kind regards Jonathan (Sorry for the super tiny images, dev-platform blocks bigger ones) On Wed, Jan 3, 2018 at 2:51 A

Re: Password autofilling

2018-01-08 Thread Jonathan Kingston
So it turns out dev-platform is plain text. Here is a link explaining the states instead: https://imgur.com/a/JO6pk Thanks Jonathan On Mon, Jan 8, 2018 at 2:10 PM, Jonathan Kingston <j...@mozilla.com> wrote: > I wanted to follow up to make it clear what the change would look like.

Intent to Unship: Application Cache over Insecure Contexts

2018-01-18 Thread Jonathan Kingston
code will produce an additional developer console warning about the removal timeline. In Nightly and Early beta for 60; the pref will be set to false removing the API. In Firefox 62 Stable I plan to switch the pref to false if no further issues arise. Kind regards Jonathan Kin

Re: Password autofilling

2018-01-18 Thread Jonathan Kingston
s above) which works the same with or without this change. Can we move to making signon.autofillForms = false the default on Nightly and Early Beta and see if we have issues? Kind regards Jonathan On Wed, Jan 3, 2018 at 2:51 AM, Jonathan Kingston <j...@mozilla.com> wrote: > There are so

Intent to Unship: Application Cache over Insecure Contexts

2018-01-18 Thread Jonathan Kingston
AppCache is a powerful feature on the web that permits a web page to be viewed offline. This increases the risk that a user is unaware of the source of the web page content when browsing over HTTP. Besides fundamental issues with AppCache, which are summarized in this article

Re: Intent to Unship: Application Cache over Insecure Contexts

2018-01-19 Thread Jonathan Kingston
> Its been suggested before that we could leave the applicationCache global in place, but just make it do nothing in insecure contexts. I did see this idea of keeping the applicationCache global in one of the bugs, I think if we have breakage we could try this as a follow up piece of work along

Re: Password autofilling

2018-01-21 Thread Jonathan Kingston
ck to an authenticated session. > > -tom > > * Can we detect that? I'm hoping we can get it correct 'most' of the > time, but it would still have edge cases. > ** Ignoring user fingerprinting =) > > On Mon, Jan 8, 2018 at 8:21 AM, Jonathan Kingston <j...@mozilla.com> wro

Re: Requiring secure contexts for new features

2018-01-16 Thread Jonathan Kingston
> One potential resolution to that sort of problem is to ship in secure contexts anyway and ask other browsers to do the same. It would be really great from a HTTPS adoption standpoint if we can hold back as many features from being shipped to insecure contexts. Perhaps Firefox could ship new

Re: Device Orientation API future

2018-01-11 Thread Jonathan Kingston
> Specifically: I was wondering about the real impact of the webvr polyfill not working, on Firefox users. My mention of the work implementing WebVR was pointing out that we will hopefully not need to worry about the webvr-polyfil working on Gecko-based browsers in the not-to-distant future,

Re: Intent to Unship: Application Cache over Insecure Contexts

2018-02-02 Thread Jonathan Kingston
at 6:55 PM, Jonathan Kingston <j...@mozilla.com> wrote: > > Its been suggested before that we could leave the applicationCache > global in place, but just make it do nothing in insecure contexts. > > I did see this idea of keeping the applicationCache global in one of the > bu

Intent to Unship: registerProtocolHandler() over insecure contexts

2018-02-05 Thread Jonathan Kingston
registerProtocolHandler() gives a webpage a mechanism to register itself to control a protocol after a user consents. For example, a chat application could control the irc: scheme (named protocol in the API). Chromes current telemetry suggests a usage of 0.002836% on insecure pages which is low

Re: Chrome will start marking HTTP pages as "Not secure"

2018-02-09 Thread Jonathan Kingston
Hey, So we have two issues here: - We have less testing on security.insecure_connection_text.enabled - security.insecure_connection_icon.enabled is a lot heavier handed as MT notes and also we use this for insecure passwords too. We also have the pbmode variants if we wanted both enabled when in

Intent to ship experimental Mixed Content upgrading (Nightly only)

2018-02-21 Thread Jonathan Kingston
We are experimenting with ways to eliminate insecure content on secure pages, while increasing HTTPS adoption. With bug 1435733 , we are adding an experimental pref to upgrade all mixed passive content. The pref is enabled in Nightly-only by

Password autofilling

2018-01-01 Thread Jonathan Kingston
A recent research post[1] have highlighted the need for Firefox to disable autofilling of credentials. The research post suggests web trackers are using autofilling to track users around the web. Currently we take the stance to require user interaction for addresses and credit card filling,

Re: Password autofilling

2018-01-02 Thread Jonathan Kingston
ing however I don't expect the pref is discoverable to most. [4] https://twitter.com/estark37/status/947667756400361474 On Tue, Jan 2, 2018 at 5:23 PM, Axel Hecht <l...@mozilla.com> wrote: > Am 02.01.18 um 17:22 schrieb Gijs Kruitbosch: > > On 01/01/2018 20:08, Jonathan Kingston wro

Device Orientation API future

2017-12-21 Thread Jonathan Kingston
e on its own - We could place these events behind a permission prompt preventing drive by usage; a big problem with this suggestion is that it’s unclear what to ask the user - Restrict access to only the active tab Kind regards, Anne van Kesteren, Jonathan Kingston, and Frederik Braun [1] https

Intent to unship: navigator.registerContentHandler()

2018-01-03 Thread Jonathan Kingston
I am suggesting the removal of navigator.registerContentHandler API used to register a web page to handle content types. Firefox has an implementation that only can be used to allow a web page to handle RSS feeds.

Re: Device Orientation API future

2018-01-03 Thread Jonathan Kingston
>> > >> Ideas to reduce user risk from the current API: > >> > >> - Dialling down the precision of this event or frequency it is fired > from > >> 60hz to 5hz however this would limit it’s usage in Web VR. > >> > >> - Restrict to secu

Re: Intent to unship: navigator.registerContentHandler()

2018-01-03 Thread Jonathan Kingston
<mi...@mozilla.com> wrote: > Hi Jonathan, > > > On Jan 3, 2018, at 9:15 AM, Jonathan Kingston <j...@mozilla.com> wrote: > > There is a small risk of breakage that we could decide to delay and > instead > > implement telemetry. However if the site is feature

Re: Intent to remove Ambient Light and Proximity sensor APIs

2018-03-01 Thread Jonathan Kingston
As an update here the code has landed in 60 from https://bugzilla.mozilla.org/show_bug.cgi?id=1359076 This adds: - Deprecation warnings for DeviceOrientation and DeviceMotion sensors. - Deprecation errors for AmbientLight and Proximity sensors. - Preferences to control all 4 sensors

Re: Intent to ship: Treating object subrequests as mixed active content

2018-03-01 Thread Jonathan Kingston
rates too. I suspect that we will make this change in stable 62 but we won't know until late Beta of these numbers. On Mon, Nov 27, 2017 at 5:11 PM, Jonathan Kingston <j...@mozilla.com> wrote: > My understanding is all other browsers will still would load this request. > > Chrome mark

Re: Intent to ship experimental Mixed Content upgrading (Nightly only)

2018-03-01 Thread Jonathan Kingston
This experiment has ended early so we can add some more telemetry to decide on the next steps here. I will send out a new notice when we do the next update to this. On Wed, Feb 21, 2018 at 6:54 PM, Jonathan Kingston <j...@mozilla.com> wrote: > > We are experimenting with ways

Intent to unship xml:base

2018-11-29 Thread Jonathan Kingston
Since the deprecation of this feature the usage of this feature has reached near 0 numbers in our usage counters[1]. 0.003% based on 64 beta [2] The specification has removed xml:base many years ago and this change has an advantage of code simplification and also reduces the need to compute base

Re: Intent to unship xml:base

2018-11-29 Thread Jonathan Kingston
Sorry I forgot to link to the bug itself: https://bugzilla.mozilla.org/show_bug.cgi?id=903372 which hasn't changed from last time. On Thu, Nov 29, 2018 at 8:18 PM Jonathan Kingston wrote: > > Since the deprecation of this feature the usage of this feature has > reached near 0 numbe

Intent to unship AppCache

2019-08-21 Thread Jonathan Kingston
The design of AppCache brings many problems to the web platform from a performance and security perspective. Service workers have long solved the same use cases as AppCache. Removal of this code would bring a large reduction of code and complexity that is largely unmaintained. History Four

Re: Intent to unship AppCache

2019-08-29 Thread Jonathan Kingston
t, too? > > On Wed, Aug 21, 2019 at 5:01 PM Jonathan Kingston wrote: > >> The design of AppCache brings many problems to the web platform from a >> performance and security perspective. Service workers have long solved the >> same use cases as AppCache. >> >

Intent to unship X-Frame-Options: Allow-From

2019-07-23 Thread Jonathan Kingston
Allow-From is a value that is currently only supported by Firefox and Internet Explorer/Edge. With Edge moving to a Chromium source base this will mean Firefox will be the only implementer of this part of the standard. Chrome marked an issue to support allow-from as wont-fix:

Re: Intent to unship:

2019-06-14 Thread Jonathan Kingston
ease. On Fri, Jun 14, 2019 at 12:02 PM Henri Sivonen wrote: > On Fri, Jun 14, 2019 at 1:24 PM Jonathan Kingston wrote: > > Most of the use cases are resolved by web crypto or u2f. > > Thanks for the removal. Do we have enterprise Web developer-facing > documentation on 1) how TL

Intent to unship:

2019-06-14 Thread Jonathan Kingston
has been removed in Chrome since version 56 in Jan 2017 and never was implemented in Internet Explorer or Edge. The element has also been removed from the HTML specification: https://github.com/w3c/html/issues/43 Firefox's implementation never matched the specification completely as the parser