Open
Bug 1110074
Opened 9 years ago
Updated 8 months ago
[BrowserAPI] Change "browser" permission to certified apps only
Categories
(Core :: DOM: Core & HTML, defect, P5)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: kanru, Unassigned)
References
Details
As discussed in mozlandia we both think it's a mistake to allow privileged app to use browser-api. We should change it to certified only, or restrict a subset to certified only.
|
||
Comment 1•9 years ago
|
||
We're using this API in our app: https://github.com/andreasgal/j2me.js
|
||
Comment 2•9 years ago
|
||
I chatted a bit with Paul about that. While not ideal, he believes we are not at risk of permission leakage because of csp and origin checks. So hold on for now.
|
||
Comment 3•9 years ago
|
||
I think getScreenshot() is probably the most privileged bit of the Browser API?
|
||
Comment 4•5 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
|
Assignee | |
Updated•4 years ago
|
Component: DOM → DOM: Core & HTML
|
||
Updated•8 months ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•