Open Bug 1451016 Opened 2 years ago Updated 2 years ago
Improve how the Payment
Request UI uses form autofill management form resources
Some files from form autofill are also shared with the PaymentRequest UI to avoid duplicating locale, region and payment card specific formatting and validation logic. For autofill they are used via chrome:// URIs but for PaymentRequest they are loaded via resource:// since we don't want to give chrome privileges. There are a few problems with this: 1) The PaymentRequest code is currently in toolkit whereas the form autofill code is in browser/extensions/ since we don't support system add-ons in toolkit even though the autofill heuristic code would be useful on Android (just like password manager heuristics are). 2) The PaymentRequest dialog cannot reference the chrome:// URIs of the resources from autofill since the PaymentRequest UI intentionally runs at lower privileges to mitigate potential damage from a security vulnerability. * Because of this issue, I also package the files under a resource URI in bug 1428414 so I had to add the files to allowed-dupes.mn for now. This should be fine for development since the PaymentRequest directory isn't even built in non-Nightly so we won't ship duplicated files but we should fix issues 1 and 2 before the MVP. > ERROR: The following duplicated files are not allowed: > firstname.lastname@example.org/chrome/content/editCreditCard.xhtml > chrome/toolkit/res/payments/formautofill/editCreditCard.xhtml > email@example.com/chrome/content/autofillEditForms.js > chrome/toolkit/res/payments/formautofill/autofillEditForms.js We should probably move the PaymentRequest UI code to browser/ since most of code is UI-specific and it's not clear Android would use non-native HTML UI. We can also try to convert the duplicated files to be resource: everywhere.
You need to log in before you can comment on or make changes to this bug.