WebAPI/WidgetAPI: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
Line 37: Line 37:
**getVisible()
**getVisible()
**purgeHistory()
**purgeHistory()
*Navigation methods
**reload()
**stop()


*Event methods
*Event methods
Line 52: Line 48:
**mozbrowserloadend
**mozbrowserloadend
**mozbrowserloadstart
**mozbrowserloadstart


==== Security sensitive ====
==== Security sensitive ====
Line 60: Line 55:


*getScreenshot()
*getScreenshot()
*Navigation methods
**getCanGoBack()
**goBack()
**getCanGoForward()
**goForward()


*Events
*Events
Line 77: Line 66:
**mozbrowsertitlechange - discloses title, privacy issue.
**mozbrowsertitlechange - discloses title, privacy issue.
**mozbrowseropensearch - I assume this discloses the link value, maybe a privacy issue?
**mozbrowseropensearch - I assume this discloses the link value, maybe a privacy issue?
== no use case ==
*Navigation methods
**<strike>reload()</strike>
**<strike>stop()</strike>
**<strike>getCanGoBack()</strike>
**<strike>goBack()</strike>
**<strike>getCanGoForward()</strike>
**<strike>goForward()</strike>


==Bugs==
==Bugs==

Revision as of 08:45, 22 May 2014

Goals

The widget API allows privileged APPs have ability to embed APPs in their own iframe, i.e. homescreen, lockscreen ....etc.

Use case

Proposal

embed-widgets bug 1005818

In order to expose to privileged APPs and consider security issue.

  • "embed-widgets" is a new permission for "mozapp" attribute, it comes from 'embed-apps' but is more restricted. Please refer to next section.
  • Set manifest entry in "widget" attribute.
 <iframe mozapp="manifesturl" widget="mywidget1">

extend manifest.webapp

Declare details of widget in mainfest. 

 {
   name: "MyApp2000",
   ...
   widgets: {
     "mywidget1": {
       href: "widget.html"
       positions: ["homescreen", "lockscreen"]
       description: "This is my cool widget"
      },
      "myotherwidget": { ... }
   }
 }

Restriction

Issues under discussion

Browser API

Need to clarify which methods/Events are safe or unsafe.

Not security sensitive

  • Performance methods
    • setVisible()
    • getVisible()
    • purgeHistory()
  • Event methods
    • addNextPaintListener()
    • removeNextPaintListener()
  • Events
    • mozbrowserasyncscroll
    • mozbrowserclose
    • mozbrowsererror
    • mozbrowserloadend
    • mozbrowserloadstart

Security sensitive

  • Event methods
    • sendMouseEvent() - cross-origin interaction, can cause unexpected actions in web apps
    • sendTouchEvent() - cross-origin interaction, can cause unexpected actions in web apps
  • getScreenshot()
  • Events
    • mozbrowserusernameandpasswordrequired - leaks host and realm
    • mozbrowseropenwindow (i.e. window.open)
    • mozbrowsershowmodalprompt (i.e. alert(), confirm(), prompt())
    • mozbrowsercontextmenu
    • mozbrowsersecuritychange - can tell is page is https or not
    • mozbrowserlocationchange - discloses URL (can contain secrets)
    • mozbrowsericonchange - discloses the icon URL. Might be a privacy issue.
    • mozbrowsertitlechange - discloses title, privacy issue.
    • mozbrowseropensearch - I assume this discloses the link value, maybe a privacy issue?

no use case

  • Navigation methods
    • reload()
    • stop()
    • getCanGoBack()
    • goBack()
    • getCanGoForward()
    • goForward()

Bugs

Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/WidgetAPI&oldid=981603"