canmove, Confirmed users
1,567
edits
Firefox3.1/Blocklisting Security Review: Difference between revisions
Firefox3.1/Blocklisting Security Review (view source)
Revision as of 22:38, 2 December 2008
, 2 December 2008→Exported APIs
| Line 36: | Line 36: | ||
== Exported APIs == | == Exported APIs == | ||
* Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.) | * Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.) | ||
[http://mxr.mozilla.org/mozilla-central/source/xpcom/system/nsIBlocklistService.idl nsIBlocklistService] | |||
* Does it interoperate with a web service? How will it do so? | * Does it interoperate with a web service? How will it do so? | ||
The blocklist is retrieved using a single https request once a day. Information about the application is encoded into the url of the request so that the blocklist can be tailored for the application as necessary. The url used is currently: | |||
<pre> | |||
https://addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/ | |||
</pre> | |||
* Explain the significant file formats, names, syntax, and semantics. | * Explain the significant file formats, names, syntax, and semantics. | ||
The downloaded blocklist is an XML file. Its syntax is described [https://wiki.mozilla.org/Extension_Blocklisting:Code_Design elsewhere]. Very roughly for extensions it contains ID, version and target applications where they should be blocked. For plugins it contains regular expressions to match against the plugin metadata and version and target application information. | |||
Both extension and plugin blocks may contain a severity that allows the block to be changed to only warn the user. | |||
* Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | * Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | ||
The IDL documentation is all that exists though it is fairly self explanatory. It is not really expected that non-Mozilla developers would be using this interface though. | |||
* Does it change any existing interfaces? | * Does it change any existing interfaces? | ||
The new severity feature required [http://www.oxymoronical.com/experiments/apidocs/compare/interface/nsIBlocklistService/1.9.1b2/1.9.0.0 additive changes] to the interfaces | |||
== Module interactions == | == Module interactions == | ||