Firefox3.1/Blocklisting Security Review: Difference between revisions

 
Line 128: Line 128:
* Need to check that a bad certificate error when retrieving the blocklist is handled correctly
* Need to check that a bad certificate error when retrieving the blocklist is handled correctly
* What do we do if attempts to update the blocklist fail consistently for a long time, the user has no current blocklist
* What do we do if attempts to update the blocklist fail consistently for a long time, the user has no current blocklist
* Change text to point out that only a particular version is blocked, something like "Minefield has determined that the following versions of add-on are known to cause stability or security problem, you might want to check for updates."
* Change text to point out that only a particular version is blocked, something like "Minefield has determined that the following versions of add-on are known to cause stability or security problem, you might want to check for updates." {{bug|468524}}
* Perhaps the blocklist more information url should be https
* Perhaps the blocklist more information url should be https {{bug|468526}}
* We should be escaping the parameters in the blocklist url
* We should be escaping the parameters in the blocklist url {{bug|468527}}
* Perhaps we could speed up blocklist requests in the event of an error
* Perhaps we could speed up blocklist requests in the event of an error
* Should we log blocklist request failures to some console as at least an indication there is a problem
* Should we log blocklist request failures to some console as at least an indication there is a problem
* Check what happens if the plugin regular expression is malformed, try to restrict one typo from breaking the entire blocklist
* Check what happens if the plugin regular expression is malformed, try to restrict one typo from breaking the entire blocklist {{bug|468528}}
* Does the update check any If-Modified-Since header
* Does the update check any If-Modified-Since header
* Should clicking check for updates in the add-ons manager do a blocklist update check as well? This could warn about blocklist update failures more explicitly
* Should clicking check for updates in the add-ons manager do a blocklist update check as well? This could warn about blocklist update failures more explicitly
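Review bot: The first two items in this hunk, the bad certificate error when retrieving the blocklist and the case where updates fail consistently while the user has no current blocklist, still carry no bug reference after this revision. Only four items gain one (468524, 468526, 468527, 468528). The same goes for the items on faster retries after an error, logging request failures, If-Modified-Since, and the add-ons manager update check. Suggest linking a bug for each of these or marking them explicitly as open questions, so it is clear which review findings are tracked. Separately, the proposed UI string in the item tagged 468524 reads "known to cause stability or security problem"; "problems" would be the expected wording before it is copied into the bug.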