Firefox3/Viewport Security Review: Difference between revisions
< Firefox3
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
== Security and Privacy == | == Security and Privacy == | ||
* What security issues do you address in your project? | * What security issues do you address in your project? | ||
** A META tag that was previously ignored is now parsed with string iterators. The code is short and looks fine. | |||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | ||
** no | |||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | ||
** The code assumes that the string can be iterated over until the end is reached. It does not assume that the string is valid in any way. | |||
== Exported APIs == | == Exported APIs == | ||
Revision as of 18:23, 6 August 2008
Overview
The feature adds content-side parsing of the viewport meta tag.
- Background links
Security and Privacy
- What security issues do you address in your project?
- A META tag that was previously ignored is now parsed with string iterators. The code is short and looks fine.
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
- no
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
- The code assumes that the string can be iterated over until the end is reached. It does not assume that the string is valid in any way.
Exported APIs
- Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
- Does it interoperate with a web service? How will it do so?
- Explain the significant file formats, names, syntax, and semantics.
- Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
- Does it change any existing interfaces?
Module interactions
- What other modules are used (REQUIRES in the makefile, interfaces)
Data
- What data is read or parsed by this feature
- What is the output of this feature
- What storage formats are used
Reliability
- What failure modes or decision points are presented to the user?
- Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
configuration
- Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
- Are there build options for developers? [#ifdefs, ac_add_options, etc.]
- What ranges for the tunable are appropriate? How are they determined?
- What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
- If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
- Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?