canmove, Confirmed users
285
edits
SecurityEngineering/MeetingNotes/06-14-12: Difference between revisions
SecurityEngineering/MeetingNotes/06-14-12 (view source)
Revision as of 22:15, 21 June 2012
, 21 June 2012→Additional Items
(Created page with "=== Standing Agenda === * Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap * Review ...") |
|||
| Line 19: | Line 19: | ||
=== Additional Items === | === Additional Items === | ||
* Mixed Content. Which option do we select for FF14? | * Mixed Content. Which option do we select for FF14? | ||
Current: [https://people.mozilla.com/~tvyas/SiteIdentity-Current-FF13.jpg Current FF13] | ** Current: [https://people.mozilla.com/~tvyas/SiteIdentity-Current-FF13.jpg Current FF13] | ||
** [https://people.mozilla.com/~tvyas/SiteIdentity-Option1-triangle.jpg Option 1] | ** [https://people.mozilla.com/~tvyas/SiteIdentity-Option1-triangle.jpg Option 1] | ||
** [https://people.mozilla.com/~tvyas/SiteIdentity-Option2-no-triangle.jpg Option 2] (better picture here: https://msujaws.wordpress.com/2012/04/23/an-update-to-site-identity-in-desktop-firefox/comment-page-1/#comments ) | ** [https://people.mozilla.com/~tvyas/SiteIdentity-Option2-no-triangle.jpg Option 2] (better picture here: https://msujaws.wordpress.com/2012/04/23/an-update-to-site-identity-in-desktop-firefox/comment-page-1/#comments ) | ||
| Line 25: | Line 25: | ||
there's a consensus that we prefer 1 over 2. | there's a consensus that we prefer 1 over 2. | ||
* script vs display. What do you guys think? | * script vs display. What do you guys think? | ||
Mixed script: TYPE_SCRIPT, TYPE_XMLHTTPREQUEST, TYPE_STYLESHEET, TYPE_OBJECT, TYPE_SUBDOCMENT, TYPE_WEBSOCKET | **Mixed script: TYPE_SCRIPT, TYPE_XMLHTTPREQUEST, TYPE_STYLESHEET, TYPE_OBJECT, TYPE_SUBDOCMENT, TYPE_WEBSOCKET | ||
Mixed display: TYPE_IMAGE, TYPE_SUBDOCUMENT, TYPE_PING, TYPE_FONT, TYPE_MEDIA, TYPE_WEBSOCKET | **Mixed display: TYPE_IMAGE, TYPE_SUBDOCUMENT, TYPE_PING, TYPE_FONT, TYPE_MEDIA, TYPE_WEBSOCKET | ||
Necko already blocks mixed websockets, so that case is probably redundant, but I didn't want people to wonder why it wasn't explicitly handled. websockets belong w/XHR. So does "Event Source" | **Necko already blocks mixed websockets, so that case is probably redundant, but I didn't want people to wonder why it wasn't explicitly handled. websockets belong w/XHR. So does "Event Source" | ||
Some load types, like TYPE_XBL and TYPE_REFRESH, didn't appear to make sense in this context, so I ignored them | **Some load types, like TYPE_XBL and TYPE_REFRESH, didn't appear to make sense in this context, so I ignored them | ||
TYPE_SUBDOCUMENT - should be MixedScript because it could contain references to scripts and contains inline scripts. | **TYPE_SUBDOCUMENT - should be MixedScript because it could contain references to scripts and contains inline scripts. | ||
TYPE_WEBSOCKET - should be MixedScript. same as xhr. | **TYPE_WEBSOCKET - should be MixedScript. same as xhr. | ||
TYPE_FONT - Fonts may have scripting in them, but they aren't run in page. So okay as mixed display. | **TYPE_FONT - Fonts may have scripting in them, but they aren't run in page. So okay as mixed display. | ||
TYPE_PING - if put ping in <a> tags. Can't talk to the page, etc. | **TYPE_PING - if put ping in <a> tags. Can't talk to the page, etc. | ||
* Changes to phishing, malware, and cert error pages coming up - https://bugzilla.mozilla.org/show_bug.cgi?id=756926. Debate over colors of the buttons. | * Changes to phishing, malware, and cert error pages coming up - https://bugzilla.mozilla.org/show_bug.cgi?id=756926. Debate over colors of the buttons. | ||
Network error: http://screencast.com/t/GincXyxP5 | Network error: http://screencast.com/t/GincXyxP5 | ||