As discussed in mozlandia we both think it's a mistake to allow privileged app to use browser-api. We should change it to certified only, or restrict a subset to certified only.
We're using this API in our app: https://github.com/andreasgal/j2me.js
I chatted a bit with Paul about that. While not ideal, he believes we are not at risk of permission leakage because of csp and origin checks. So hold on for now.
I think getScreenshot() is probably the most privileged bit of the Browser API?
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.