Closed
Bug 1477271
Opened 6 years ago
Closed 6 years ago
browser.search API does not require any permissions
Categories
(WebExtensions :: General, defect, P1)
WebExtensions
General
Tracking
(firefox63 fixed)
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: robwu, Assigned: robwu)
References
Details
Attachments
(1 file)
The browser.search API does currently not require any permissions. All extension APIs require a permission (unless there is another manifest key that would unlock the API). This serves the following purposes: - Principle of least privilege - extensions don't unlock functionality unless explicitly requested. - Auditing - Requiring an entry (permission) in manifest.json makes it easier to analyze the API usage of extensions. - Consent - If an API is ever deemed too powerful, then a warning can be added to a permission. This warning is optional, an API can require a permission without having a warning.
Comment hidden (mozreview-request) |
Assignee | ||
Comment 4•6 years ago
|
||
Note: Kris asked to refactor the test to not require enumerating every API method.
Status: NEW → ASSIGNED
Iteration: --- → 63.3 - Aug 6
Comment 5•6 years ago
|
||
mozreview-review |
Comment on attachment 8996472 [details] Bug 1477271 - Require "search" permission for search API https://reviewboard.mozilla.org/r/260552/#review267890 I don't understand why test_permissions_have_localization_strings in test_ext_permissions.js didn't fail here? r=me once we have an explanation for that
Attachment #8996472 -
Flags: review?(aswan) → review+
Comment hidden (mozreview-request) |
Assignee | ||
Comment 7•6 years ago
|
||
(In reply to Andrew Swan [:aswan] from comment #5) > Comment on attachment 8996472 [details] > Bug 1477271 - Require "search" permission for search API > > https://reviewboard.mozilla.org/r/260552/#review267890 > > I don't understand why test_permissions_have_localization_strings in > test_ext_permissions.js didn't fail here? It does fail. I didn't select the xpcshell test. I've updated the list of warning-less permisions to include "search" and verified locally that all toolkit extension xpcshell tests pass.
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/a659bb692003 Require "search" permission for search API r=aswan
Comment 9•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/a659bb692003
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in
before you can comment on or make changes to this bug.
Description
•