Please report any other irregularities here.
|Submitter||Diff||Changes||Open Issues||Last Updated|
|Error loading review requests:|
59 bytes, text/x-review-board-request
|Details | Review|
Loading remote web content in the parent process is dangerous in a post-sandbox world, as it means loading remote content outside the sandbox. About:addons loads remote content, mainly from our own sites, but also remote sites like google analytics. From what i have seen so far, all connections seem to be SSL, so that it a mitigating factor, but we should consider moving this to a content process (either existing or new). PS Couldn't find a more specific component, please move as appropriate.
Component: General → DOM: Content Processes
Product: Firefox → Core
This should be fairly trivial, ie setting remote=true on the <browser> we use to frame the discovery pane. Dave, do you or Andrew have cycles for this?
Component: DOM: Content Processes → Add-ons Manager
Product: Core → Toolkit
I seem to recall that it isn't quite that simple but I'll take a look and see what the state is.
Assignee: nobody → dtownsend
Mossop and I discussed a Gecko bug that he was hitting about this today. I'll file it tomorrow.
Mossop, can you please post a WIP patch here that demonstrates the exception we were debugging on IRC yesterday? Thanks!
Flags: needinfo?(ehsan) → needinfo?(dtownsend)
Created attachment 8839578 [details] [diff] [review] WIP patch This is the WIP, really only the change to extensions.xul is necessary and the exception happens when you open the add-ons manager UI.
For the gecko bug here.
(In reply to Dave Townsend [:mossop] from comment #6) > For the gecko bug here. Not sure which patch you are asking for. The fix will be in bug 1340747.
Dave, Michael posted a patch in bug 1340747 which I just r+ed. That should unblock you here. Let me know if you run into any other issues.
I'm not actively working on this.
Assignee: dtownsend → nobody
You need to log in before you can comment on or make changes to this bug.