Closed
Bug 734931
Opened 12 years ago
Closed 12 years ago
Infrasec review for new JS social sharing library
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: cmore, Assigned: ygjb)
References
Details
(Whiteboard: [completed secreview][start 07/03/2012][target 07/13/2012])
Per bug 701759, we have developed a new social sharing JavaScript library that keeps user data private until they decide to share a web page. The code is currently in code review, but will need an Infrasec review. There is not a lot of code to review so it should go pretty quick. Bug 723761 is the technical implementation of the sharing library. As soon as the code is past code review, I will provide a link to the repo to review.
Updated•12 years ago
QA Contact: mcoates → jstevensen
Updated•12 years ago
Assignee: security-assurance → yboily
Whiteboard: [pending secreview] → [secr:yvan]
Updated•12 years ago
Status: NEW → ASSIGNED
Reporter
Comment 1•12 years ago
The social sharing library is now code complete and we would like to proceed with the security review. The demo and code can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=723761#c50

Who is/are the point of contact(s) for this review?
Chris More

Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
Be able to use Facebook, Twitter, and Google+ social sharing widgets without exposing user data until a user action (click).

Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
More info: https://bugzilla.mozilla.org/show_bug.cgi?id=701759

Does this request block another bug? If so, please indicate the bug number
No

This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Not extremely urgent as we will release it on some websites when it is ready.

Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)

Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
No

Are there any portions of the project that interact with 3rd party services?
Yes

Will your application/service collect user data? If so, please describe
Yes, data will move between the end user and one of the social websites if they are logged in.

If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
All good.

Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Updated•12 years ago
Keywords: sec-review-needed
Whiteboard: [secr:yvan] → [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy]
Reporter
Comment 2•12 years ago
Please proceed with the security review of the social sharing widget. Demo: http://people.mozilla.org/~pmclanahan/collusion/
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [pending secreview][start 07/03/2012][target 07/13/2012]
Reporter
Comment 3•12 years ago
Code here: https://github.com/mozilla/SocialShare/
Assignee
Comment 4•12 years ago
I will continue some additional testing around this, but based on a review of the code and the demo page, it seems pretty good! Very happy to see this completed!
Keywords: sec-review-complete
Whiteboard: [pending secreview][start 07/03/2012][target 07/13/2012] → [start 07/03/2012][target 07/13/2012]
Updated•12 years ago
Flags: sec-review+
this appears to be resolved-fixed but not marked as so
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [start 07/03/2012][target 07/13/2012] → [completed secreivew][start 07/03/2012][target 07/13/2012]
Updated•12 years ago
Whiteboard: [completed secreivew][start 07/03/2012][target 07/13/2012] → [completed secreview][start 07/03/2012][target 07/13/2012]