Closed
Bug 1466130
Opened 7 years ago
Closed 4 years ago
Use nsIClearDataService in Sanitizer.jsm for android
Categories
(Firefox for Android Graveyard :: General, enhancement, P2)
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: baku, Assigned: baku)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
|
9.70 KB,
patch
|
johannh
:
review-
|
Details | Diff | Splinter Review |
No description provided.
|
Assignee | |
Comment 1•7 years ago
|
||
There are several things to do here. Wondering if we should extend nsIClearDataService to cover the delete-specifc features for android.
Attachment #8982524 -
Flags: review?(jhofmann)
|
||
Comment 2•7 years ago
|
||
Comment on attachment 8982524 [details] [diff] [review]
android.patch
Review of attachment 8982524 [details] [diff] [review]:
-----------------------------------------------------------------
::: mobile/android/modules/Sanitizer.jsm
@@ +87,5 @@
> return true;
> }
> },
>
> // Compared to desktop, we don't clear plugin data, as plugins
Since you've added CLEAR_PLUGIN_DATA anyway [1], maybe amend the comment as well so there's no contradiction?
[1] No harm done and better to be safe I guess, plus technically the H264 GMP plugin still exists even on Android, and potentially any old data left over from people who had used Flash in the past?
|
||
Updated•7 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
|
||
Comment 3•6 years ago
|
||
Considering that we're only changing mobile/ code this should probably live in the Firefox for Android component :)
Component: DOM: Security → General
Product: Core → Firefox for Android
|
|
||
Comment 4•6 years ago
|
||
Comment on attachment 8982524 [details] [diff] [review]
android.patch
Review of attachment 8982524 [details] [diff] [review]:
-----------------------------------------------------------------
This patch looks good but please also replace https://searchfox.org/mozilla-central/rev/bf81d741ff5dd11bb364ef21306da599032fd479/mobile/android/modules/Sanitizer.jsm#371
It says fennec-only but that's just because desktop doesn't clear passwords, Fennec is still using Services.logins. One important note is that you'll have to also change the ClearDataService implementation of deleteAll (https://searchfox.org/mozilla-central/source/toolkit/components/cleardata/ClearDataService.js#220) to use Services.logins.removeAllLogins() instead of just passing a noop callback. This will avoid showing the MP prompt.
> Wondering if we should extend nsIClearDataService to cover the delete-specifc features for android.
A thought I had was to switch between different cleaners at module load based on runtime flags and implement the fennec-only loaders in a adjacent file.
::: mobile/android/modules/Sanitizer.jsm
@@ +94,5 @@
> + async clear() {
> + let refObj = {};
> + TelemetryStopwatch.start("FX_SANITIZE_COOKIES_2", refObj);
> + await clearData(Ci.nsIClearDataService.CLEAR_COOKIES |
> + Ci.nsIClearDataService.CLEAR_PLUGIN_DATA |
I'm going to trust you and JanH that this is safe to do on Fennec, I personally would have said just drop the flag.
Attachment #8982524 -
Flags: review?(jhofmann) → review-
|
||
Comment 5•4 years ago
|
||
Sanitizer.jsm was removed from mobile/android when Fennec was dropped.
PS. Once of Sanitizer.jsm's consumers was Fennec's implementation of the extension's browsingData API.
This API is now being resurrected in bug 1625233, by reusing part of the implementation from desktop, which already uses nsIClearDataService. Parts of the data clearing API is outside of Gecko, and handled by the embedder (GeckoView / Android-Components / Fenix).
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•