Firefox3.1/SMIL Security Review: Difference between revisions
Jump to navigation
Jump to search
| Line 10: | Line 10: | ||
== Security and Privacy == | == Security and Privacy == | ||
* What security issues do you address in your project? | * What security issues do you address in your project? | ||
** None. | |||
None. | |||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | ||
** No. There will only be one pref, to enable/disable SMIL support, which will (initially) default to being disabled. | |||
No. | |||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | ||
Revision as of 20:43, 3 September 2008
Overview
Describe the goals and objectives of the feature here.
- Background links
- Bug 216462: Main SMIL bug
- SVG 1.1 Spec's Animation Section
- SMIL Animation Spec
- Brian Birtles' writeup
Security and Privacy
- What security issues do you address in your project?
- None.
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
- No. There will only be one pref, to enable/disable SMIL support, which will (initially) default to being disabled.
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
Exported APIs
- Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
- nsIDOMElementTimeControl.idl
- boolean beginElement()
- boolean beginElementAt(in float offset)
- boolean endElement()
- boolean endElementAt(in float offset)
- nsIDOMSVGAnimationElement.idl
- float getStartTime()
- float getCurrentTime()
- float getSimpleDuration()
- nsIDOMSVGAnimateElement.idl, nsIDOMSVGAnimateTransformElement.idl, nsIDOMSVGSetElement.idl
- Subclass nsIDOMSVGAnimationElement; don't add any functions.
- nsIDOMElementTimeControl.idl
- Does it interoperate with a web service? How will it do so?
- No.
- Explain the significant file formats, names, syntax, and semantics.
- Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
- They're documented in the SVG & SMIL Animation specs.
- We could probably use up-to-date documentation on MDC detailing what we support.
- Does it change any existing interfaces?
- It adds implementations for these methods on nsIDOMSVGSVGElement.idl, which previously all just returned NS_NOTYETIMPLEMENTED:
- void pauseAnimations()
- void unpauseAnimations()
- boolean animationsPaused()
- float getCurrentTime()
- void setCurrentTime(in float seconds)
- It adds implementations for these methods on nsIDOMSVGSVGElement.idl, which previously all just returned NS_NOTYETIMPLEMENTED:
Module interactions
- What other modules are used (REQUIRES in the makefile, interfaces)
- gfx, layout, content, dom
Data
- What data is read or parsed by this feature
- The values of the SVG <animate>, <set>, and <animateTransform> elements' attributes. These consist of semicolon-separated lists of values, time values, ...
- The SMIL patch adds the class "nsSMILParserUtils," which takes care of its parsing needs.
- What is the output of this feature
- Animations (animated attributes) in SVG documents that would otherwise be static.
- What storage formats are used
Reliability
- What failure modes or decision points are presented to the user?
- None.
- Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
- N/A -- no files or locks used.
Configuration
- Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
- Yes: I'm planning on using an about:config pref to allow the user to enable/disable SMIL. (Either using the existing image.animation_mode pref, or adding a smil-specific pref)
- Are there build options for developers? [#ifdefs, ac_add_options, etc.]
- Yes: "ac_add_options --enable-smil". (The current patch defaults to having SMIL support disabled.)
- What ranges for the tunable are appropriate? How are they determined?
- Enabled / Disabled
- One possible additional about:config value: I had a request in IRC for the about:config pref to have a value that would show animations *only* in standalone SVG but not in SVG-embedded-in-HTML, for performance reasons. Haven't given this much thought yet, and I'm not sure how big of a use case it is.
- This additional value would mean we'd need the about:config pref to be SMIL-specific (not the shared image.animations_enabled one), and would need to be string-valued rather than bool-valued.
- What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
- N/A
Relationships to other projects
- Are there related projects in the community?
- Opera and WebKit both support subsets of SMIL. FakeSMIL is a Greasemonkey script that uses Javascript to add partial SMIL support to Firefox.
- If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
- This proposal is parallel to their work, adding built-in SMIL support to Firefox.
- Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?
- No & N/A -- I'm not updating, copying or changing functional areas maintained by other groups.