February 9, 2007

Weekly Status 2007-02-09

Now I've started spending a lot more time working on Mozilla things, I've started doing a weekly status report for Frank. I'm also going to post it here (well, most of it :-) in case it's of interest.

This Week

  • Continued to knock the list of outstanding CA applications into shape
  • Started a discussion on whether we should admit "regional CAs"
  • Got on top of my mail backlog, and started to knock off a few longer term mini-projects
  • Tried to do some textual analysis on the contents of the mozilla.feedback newsgroup (from Hendrix)
  • Found some people to maintain the Effective TLD list
  • Worked on b.m.o. security group reorganisation proposal (discussion in mozilla.dev.security)
  • Tried out Passpet Firefox extension; couldn't get it working
  • Participated in EV discussions in mozilla.dev.security
  • Submitted proposal to talk at OSCON - "Beyond the Lock: Browser Security UI For The Distracted", in cooperation with Mike Beltzner

Next Week

  • Will begin to evaluate actual CA requests
  • Hope to get started on master list of CAs (blocked on getting format and list of required info from Frank)
  • Work on Content Restrictions patch as part of Firefox 3.0 (waiting for design help from dveditz)

Does anyone have a Wiki-to-HTML bookmarklet?

Posted by gerv at February 9, 2007 5:43 PM

Comments

Content Restrictions ... interesting stuff.

For "script", I think "same host", "same domain" (-> use effective TLD service) and "same path" (implies same host) should be added.
Also, it becomes clear that there's no straight hierarchy. You would have three groups: source (internal, external), position (head) and origin (domain, host, path). Either you define three names or you allow the value groups to be combined, e.g.: script=external+host+head

Posted by: Dao at February 10, 2007 1:00 AM

Ok, there's already "domain" ... I should have read to the end before posting. However, I wouldn't want to restrict "all requests initiated by the page" but only scripts.

Posted by: Dao at February 10, 2007 1:04 AM

Dao: but what about web bugs? It's not only script which can be XSSed into a page to do nasty-ish things.

You are right - it would make good sense to split up script location and script in-page position.

Posted by: Gerv at February 12, 2007 12:50 PM

"Does anyone have a Wiki-to-HTML bookmarklet?"

Actually, I don't, but you may be interested in Wiki2Xhtml

http://www.fgranger.com/dotclear/index.php/tag/wiki2xhtml


--Tristan

Posted by: Tristan at February 13, 2007 8:47 AM