Need about:config implemented

VERIFIED FIXED in mozilla0.9.4


18 years ago
14 years ago


(Reporter: yoel, Assigned: Chip Clark)


Dependency tree / graph

Firefox Tracking Flags

(Not tracked)



(26 attachments)

6.19 KB, patch
Details | Diff | Splinter Review
6.85 KB, text/plain
2.21 KB, text/plain
2.23 KB, patch
Details | Diff | Splinter Review
3.86 KB, text/html
5.03 KB, text/html
1.31 KB, text/html
4.98 KB, text/html
5.16 KB, patch
Details | Diff | Splinter Review
1.93 KB, text/plain
1.67 KB, text/plain
1.32 KB, text/html
4.79 KB, text/html
5.91 KB, patch
Details | Diff | Splinter Review
1.92 KB, text/plain
1.67 KB, text/plain
1.09 KB, text/plain
1.71 KB, text/plain
1.91 KB, text/plain
5.28 KB, text/plain
4.25 KB, text/plain
4.16 KB, text/plain
20.28 KB, patch
Details | Diff | Splinter Review
20.25 KB, patch
Details | Diff | Splinter Review
18.71 KB, patch
Details | Diff | Splinter Review
18.71 KB, patch
Details | Diff | Splinter Review


18 years ago
This is a 4.x farity feature request

When "about:config" is entered into the location field of the 4.x browser the 
current user preferences would be displayed.

Prefernces were color coated to differemtiate how they were set.

GREEN=default preferences that can be changed through the user                                  
BLUE=preferences that have been set in the preference file. 
BLACK=factory defaults 
RED=locked using Mission Control or the Client Customization Kit

Reproducible: Always
Steps to Reproduce:
type about:config in the URL area

Actual Results:  browser does not respond

Comment 1

18 years ago
This is a 4.x parity feature request

Comment 2

18 years ago
XPApps or Preferences.  Trying XPApps first.
Updating component, owner and setting bug to New.
Assignee: asadotzler → don
Component: Browser-General → XPApps
Ever confirmed: true
QA Contact: jelwell → sairuh

Comment 3

18 years ago
Reassigning as per Don
Assignee: don → mcafee
Keywords: nsbeta2
Whiteboard: [FEATURE]
Target Milestone: --- → M17

Comment 4

18 years ago
Putting on [nsbeta2-] radar. Not critical to beta2.  Adding nsbeta3 keyword to 
make sure this works for beta3.  Needed for debugging.
Keywords: nsbeta3
QA Contact: sairuh → jelwell
Whiteboard: [FEATURE] → [nsbeta2-][FEATURE]

Comment 5

18 years ago
over to warren.
Assignee: mcafee → warren
Component: XPApps → Networking

Comment 6

18 years ago
beta3 -> M19
Target Milestone: M17 → M19

Comment 7

18 years ago
Sorry for the spam.  New QA Contact for Browser General.  Thanks for your help
Joseph (good luck with the new job) and welcome aboard Doron Rosenberg
QA Contact: jelwell → doronr

Comment 8

18 years ago
Removing nsbeta3 keyword. I don't think this is essential to ship.
Keywords: nsbeta3
*** Bug 57969 has been marked as a duplicate of this bug. ***
->alecf to match bug 57969. but feel free to change as needed!
Assignee: warren → alecf
Component: Networking → Preferences
Keywords: nsbeta2 → 4xp
QA Contact: doronr → sairuh
Whiteboard: [nsbeta2-][FEATURE]
Target Milestone: --- → mozilla1.0

Comment 11

18 years ago
We would like to have this in order to test preference locking with
netscape.cfg.  This is necessary for CCK and other MCD-style tools.

Comment 12

17 years ago
reassign to chipc
Assignee: alecf → chipc
Keywords: nsbeta1, nsCatFood

Comment 13

17 years ago
Created attachment 35674 [details] [diff] [review]
nsPrefBranch, about & nsNetUtil changes

Comment 14

17 years ago
Created attachment 35676 [details]
core cpp file

Comment 15

17 years ago
Created attachment 35678 [details]
core .h file

Comment 16

17 years ago
preliminary work and proof of concept done on Win32.

  black = default  (it used to be green in 4.x)
  blue  = user setting 
  red   = locked setting
  green  = not used  (black used to be pref set by config method)

The list is not sorted - just dumped.
Comments welcome - this was just a first pass

Comment 17

17 years ago
Security implications of about:config?  can it be accessed through the DOM and 
thus vulnerable to exploits (ala 4.x)?
Hong, it should not be accessible through the DOM. There are two layers of
protection in place, the URI-loading policy and the same-origin policy, both of
which should block access to any about: URL other than the few we know are safe
(about:, about:blank, about:mozilla, and about:credits). If you find you can
access about:config from a script loaded form the web, please file a bug on me.

Comment 19

17 years ago
seems pretty reasonable, but please don't check in the first two changes in the
patch (i.e. the NS_WITH_SERVICE upgrade, or the inclusion of nsCOMPtr.h) -
they're not necessary and I'd rather nsCOMPtr.h be included in as few .h files
as possible.

Comment 20

17 years ago
(that comment was on the patch, I'm reviewing the .h/.cpp files now)

Comment 21

17 years ago
ok, initial comments on the patch:
- use CSS, dont use the <font> tag. Instead, define something at the top of the
file like
<style type="text/css">
  .default: { font-color: green }

then you can define the tags like
<div class="default"><b></b> = value</div>

(this is just a start, but find a book on CSS to get you started)

- there are lots of giant nested if's that seem really unnecessary.. 
- use stack space for fixed-size buffers, instead of allocating them
- don't hardcode values in variables, use #define instead
- you can't use != for string comparison, please find a book on C and read the
chapter on strings, that is a very basic concept!
- use i++, not ++i unless you know what you're doing
- what is/was childList? it's not actually used anywhere, yet you're allocating
memory for it and not freeing it

    bufferSize = 8192;
    childList = (char *)nsMemory::Alloc(sizeof(char) * bufferSize);
    if (childList != nsnull) 
        for (i = 0; i < theCount; ++i) 
            prefName    =   childArray[i];
            if(prefName != "")

This could just be:
for (i = 0; i< theCount; i++) {
  if (!childArray[i] || nsCRT::strcmp(childArray[i], "")==0)

You should always review your OWN code, before requesting others to review it..

Please read: - a work in progress,
not required reading (yet!)
before submitting another patch

Comment 22

17 years ago
<alecf> thanks for the comments 

The patch wasn't expected to be prime-time, but I will certainly add your items
to the existing list of things to be done prior to check-in.

Right now I'm still going thru it for things.   Then bnesse will get his shot at
it before I even consider passing it for r or sr.

Comment 23

17 years ago
sorry :)
I was just scared by some of the more glaring errors..

Comment 24

17 years ago
might as well get the html 100% right for the start..:

"<B>" should be "<strong>"
"</B>" should be "</strong>"
"<H1>" should be "<h1>"
"</H1>" should be "</h1>"

Comment 25

17 years ago
Can someone explain why this isn't being done using javascript and the generic 
about redirector?

Comment 26

17 years ago
Ideally preferences would be reflected (until natively implemented) as an RDF 
datasource, and about:config display would be done in an outliner / tree widget, 
with editable content. ;-)

Seriously though, what would about:config done in JavaScript buy you?

Comment 27

17 years ago
consistency for one...

Comment 28

17 years ago
not just consistency, but lower maintenance costs - take about:plugins as an
example.. it's very easy to tweak that. Rule of thumb is if you're dealing with
UI, it's a lot easier to use JS. (there are exceptions to every rule, blah blah..)

Comment 29

17 years ago
Does this comment in bug 57969 still apply: "- there's no clean way to enumerate
prefs from JS. talked with shaver about this briefly over IRC - I favored fixing
CreateChildList() to be script-friendly".

Brian, anything the new prefs code brought in that would make doing about:config
in JS easy?

Comment 30

17 years ago
GetChildList is the "script-friendly" version of CreateChildList. Offhand I
can't think of any reason why this couldn't be done in JavaScript...

Comment 31

17 years ago
One data point: bringing up about:config done in JavaScript: 136 secs. C: 12 secs.

Comment 32

17 years ago
I'd like to see the javascript implementation. we should be able to implement
this in no more than 2x the c++ speed (and I would say, perhaps even as little
as 1.1x)

Comment 33

17 years ago
Created attachment 36829 [details] [diff] [review]
Required patches to use config.html

Comment 34

17 years ago
Created attachment 36830 [details]
About config javascript implementation

Comment 35

17 years ago
ah ha! See, the real difference between these two is that the JS is generating a
giant table, and the C++ is generating a series of <font> tags...

Comment 36

17 years ago
running in debug mode on Win32

HTML file with tables           56.4 seconds
HTML file without tables        33.4 seconds

Native with tables              21.3 seconds
Native without tables            9.3 seconds

So is 56.4 seconds acceptable?  

Comment 37

17 years ago
I don't think so.

Comment 38

17 years ago
no of course not, but we're getting there. :)

Now, try using CSS and a series of <div> tags, all with the same class
attribute.. that will allow the page to share style information...


Comment 39

17 years ago
Created attachment 37707 [details]
test html/javascript page with both table and css implementation

Comment 40

17 years ago
After some testing with the above page (and the RTM candidate for 6.1)... I feel
tables are better than CSS formating.

The html file has both sets of code in it.. and can be easily switched from
using tables (current format) to using css code.

with tables (and limiting the number of prefs to 400 - rather than the entire
list) I was able to bring the page up in less than 10 seconds (multiple times).

However, with the css code implementation the same number of prefs take over 170
seconds .... and occasionally taking over 200 seconds.

I'm not sure what this proves other than... tables are better than css at this
point for this implementation.

Comment 41

17 years ago
well, your css-based view is all crazy - each row has the same ID - you
shouldn't be using ID here, you should be using class. In a given document,
there should only be one element with a given id, not 400!
... it MIGHT be why the CSS one is so slow..(might not, but you never know)

Comment 42

17 years ago
Ok.... changed the ID's to classes and ran it with all prefs (not just 400).

The time just keeps getting slower and slower.

to load 884 prefs (that's 100% of the hash table)
it took 6130.8 seconds  (or 102 minutes)

Tables are faster:
27 seconds  

Comment 43

17 years ago
an hour and 42 minutes? something else is clearly wrong.

Comment 44

17 years ago
After some exhausting testing here is what I've found:

Mozilla -              # of prefs      100      300      500     900
   Internal about:config
         builds HTML file
              using table              2.25     5.38     10.33   18.67
              using CSS                3.75     12.09    33.41   67.43
         C++ code
              using table              1.67     4.2       8.71   14.95
              using CSS                3.24     9.76     27.65   57.55
   External HTML page
              using table              2.38     5.88     10.67   19.01
              using CSS                2.94     8.69     23.65   51.46

I found it odd that CSS would actually run faster using an external HTML page
than it would via a C++ implementation - however, tables are much faster across
the board.

The difference between the tables internal and via the C++ code is insignificant
(IMHO)... vs the advantages of having an HTML file that can be easily edited. 

Therefore, I'm going to submit a patch based on the HTML files - formatted via
tables for review.

Comment 45

17 years ago
Created attachment 40100 [details]
initial config.html file to be put in mozilla\xpfe\global\resources\content

Comment 46

17 years ago
Created attachment 40101 [details]
Secondary config2.html file to be put in the same directory... this is the html file that does all the work

Comment 47

17 years ago
What about intl?
hardcodet languages are never good or dont we care for these files?

My other comments:
<script> should be <script type="application/x-javascript"> in the first 
- A lot of blank lines in both files. please delete those.
- Insert a new line after strict.dtd">
- You're missing some " in the var prefWindow line around width=600, height=400
- Make sure to check for javascript strict warnings!
- Make correct indents in the style section. Some are idented some not.
- Indents should be either TABS or SPACES. not both.

Please add the following line to your prefs.js file, so we could avoid all the 
strict warning fixup...:
user_pref("javascript.options.strict", true);

sorry for coming in at the last minute.

how about this design to speed up about:config

use an outliner.  

you can implement your own nsIOutlinerView in javascript.
on load of config.xul (or what ever), you enumerate all the prefs names into a 
array.  config.css has the color rules (see threadpane.css for how we did 
priority color in the thread pane).  example, all outliner text cells 
with "locked" are red.

GetRowCount() returns the array len.
GetCellText(col,row) for col[0] == 'n' (for nameCol) returns prefarr[row]
GetCellText(col,row) for col[0] == 'v' (for valCol) get's the value of the pref 
named prefarr[row]
GetCellProperties(row), get the type of prefarr[row] appends the atom 
for "locked".


if doing it all from js is too slow, you can implement the nsIOutlinerView from 

I even think outliner has support for in-place editing, so later on you could 
add in place editing of prefs (like all the hidden prefs we tell users to edit 
by hand)


Comment 49

17 years ago
if we do this, either we do it outside of libpref, or we do it with javascript.
libpref should not require XUL...

Comment 50

17 years ago
I was already going to implement this in an html file (via js)... but the XUL
has definate possibilities.

Comment 51

17 years ago
Created attachment 41108 [details] [diff] [review]
diffs for all the code changes necessary to implement the html file

Comment 52

17 years ago
Created attachment 41110 [details]
cpp file goes in mozilla/netwerk/protocol/about/src and points to the html file

Comment 53

17 years ago
Created attachment 41111 [details]
head file goes in mozilla/netwerk/protocol/about/src

Comment 54

17 years ago
Created attachment 41112 [details]
updated config.html file goes in mozilla/xpfe/global/resources/content

Comment 55

17 years ago
Created attachment 41113 [details]
was config2.html... renamed and cleaned up... goes in the same directory as config.html (see above patch)

Comment 56

17 years ago
try using NS_GENERIC_FACTORY_CONSTRUCTOR to make your Create() routine - saves
you the trouble of hand-writing it..

Comment 57

17 years ago
oh by the way - you don't have to put your about handler in necko... you can put
it in any dll you want (such as preferences)

Comment 58

17 years ago
Here are my comments about the last attachments:

What about intl? hardcoded text are never good or dont we care for these files?

"var  prefURL" should be "var prefURL". delete one space..

You use:, "preferences",winChrome ,width=600, height=400);
shouldn't width=600, height=400 be in "
ala:'/help2/help_index.html', 'remote', 'width=600,height=400')

Warning: assignment to undeclared variable i
Source File: file:///c:/temp/c.html
Line: 61

Please add the following line to your prefs.js file, so we could avoid all the 
strict warning fixup...:
user_pref("javascript.options.strict", true);

Comment 59

17 years ago
Unfortunately this works very poorly on the Macintosh...

First it pops open the "Please wait" window, but never draws it. After a really
long pause (74 sec. on my machine) it finally draws the window (which I now have
to close to see the config display in the other window.)

Second, once the config page is created, the machine is stuck in some kind of a
loop where approximately every second it flips to the watch cursor and the
machine becomes totally unresponsive... almost like it's constantly re-laying
out the page or something. Closing the page is the only way to fix this.

The first problem is probably related to the crappy thead support in the MacOS.
the second... who knows. Assuming that these are Mac only issues (they seem to
be), we need to insure that these are actually fixable problems, and then file
the appropriate bugs as blocking this one.
the current fix is not the right approach.

to solve the performance problems, use the outliner. 

it is perfect for this.

Comment 61

17 years ago
Created attachment 46262 [details] [diff] [review]
patch - for supporting/existing files

Comment 62

17 years ago
Created attachment 46263 [details]

Comment 63

17 years ago
Created attachment 46265 [details]

Comment 64

17 years ago
Created attachment 46266 [details]

Comment 65

17 years ago
Created attachment 46267 [details]

Comment 66

17 years ago
Created attachment 46268 [details]

Comment 67

17 years ago
Created attachment 46270 [details]

Comment 68

17 years ago
Created attachment 46271 [details]
corrected - mozilla\xpfe\global\resources\content\config.js

Comment 69

17 years ago
I don't feel comfortable giving an r, since I'm not an expert in this area. 
I've got a comment and question.

Formatting: the tabs are kinda goofy.  If I had to guess, I would say you were
using the editor in VC++.  The modeline says tab-width should be 4 spaces.
For example:
getCellText : function(k, col) 
			if ( !arr[k] )
				return arr[k][col];

code in the onConfigLoad function has the same issues.

It looks like the code only displays a maximum of 100 prefs.  How does it
display more than the initial 100?

Comment 70

17 years ago
I'll go back thru config.js to make sure the tabs are set to 4.

actually, prefCount.value is initially set to 100... but gets reset a few lines

var prefArray = prefBranch.getChildList("" , prefCount);


Comment 71

17 years ago
Created attachment 46301 [details]
fixed tabs in config.js

Comment 72

17 years ago
Please turn on strict javascript warnings via Edit -> Prefs -> Debug and check 
the files! I dont want to file bugs on the javascript warnings if these files 
get checked in!

Comment 73

17 years ago
strict warnings are turned on... I'm still missing something.

I am getting no warnings related to my code.  There are no warnings in the
javascript window, and the ones I see in the debugging window aren't related to
code I'm submitting.   

What are the errors you are seeing?   (I have tested this on both Win & Linux)


17 years ago
Whiteboard: requesting r & sr

Comment 74

17 years ago
Created attachment 46472 [details] [diff] [review]
complete diff (cvs -q diff -uwN xpfe netwerk)
 getCellText : function(k, col)


            if ( !arr[k] )



                return arr[k][col];


else after return is a non-sequitur and a crutch, don't use it.

How come the Emacs modeline comment on line 1 and this function use 4-space
indentation, while the function at the bottom uses 2-space units of indentation?

I noticed that in the most recent attachment (08/17/01 17:13) you removed the
enablePrivilege calls from the beginning of onConfigLoad(). This is good, those
calls shouldn't be necessary.

There's a security concern here which has bitten us before with other about:
pages. If an attacker can insert script code into a pref value somehow (for
example, if the user visits a page with URL<SCRIPT>some JS code here</SCRIPT> and that
URL gets set as the value of "browser.last_page_visited" or whatever that pref
is, and the user then visits about:config, the JS code from the URL will be run
with full privilege.

Currently, a webpage should not be allowed to load or link to about:config, so
unless an attacker takes advantage of another exploit, this is only a problem if
the user explicitly visits about:config after the attacker has inserted a script
into prefs. So this isn't much of an exploit on its own, but it ups the ante on
other exploits.

To make this safer, we should "escape" all prefs data written to the
about:config page. Basically, this means replacing < with &lt; and > with &gt;,
that should do the trick. 
   There are potentially '<' and '>' in the pref values that your JS code is
writing to the page, as in the example I mentioned. We need to be sure that the
prefs data we're writing to the page gets written as text, not as "live" HTML.

Basically, after you set prefValue in onConfigLoad(), you should process it like

function htmlEscape(s) { 
 s = s.replace(/\&/g, "&amp;"); 
  s = s.replace(/\>/g, "&gt;"); 
  s = s.replace(/\</g, "&lt;"); 
  return s; 

r=mstoltz on config.js with the above change. I don't know XUL or CSS too well,
so someone else should review those.

Comment 78

17 years ago
I haven't looked at the code, but a couple questions--are there other characters
besides < and > that will cause similar problems? For instance, what if the &
character occurs in the prefs?

If so, does Mozilla already have some more comprehensive HTML escaping code that
could be reused here to cover most or all of the necessary cases?

Comment 79

17 years ago
set to 0.9.4
Target Milestone: mozilla1.0 → mozilla0.9.4

Comment 80

17 years ago
r/sr=darin on the netwerk changes

Comment 81

17 years ago
Created attachment 46742 [details] [diff] [review]
Updated patch with recommended changes


17 years ago
Blocks: 96712

Comment 82

17 years ago
You don't have to add chrome files to MANIFEST and makefiles anymore, just the

Also, in config.css you have some rules that reference outliner-bodybox, but
this is a class, and so you need to prepend a period, like so:

outliner:focus > .outliner-bodybox


Comment 83

17 years ago
Created attachment 47261 [details] [diff] [review]
Changes to css file (and removed MANIFEST & makefiles)

Comment 84

17 years ago
Chip, I would recommend one change.
instead of
+        if(prefBranch.prefHasUserValue(prefArray[i]) != 0)  // 0 = false
+            prefLockState = "user set";
+        if(prefBranch.prefIsLocked(prefArray[i]) != 0)    // 0 = false
+            prefLockState = "locked";
you can do 

if(prefBranch.prefIsLocked(prefArray[i]) != 0)
     prefLockState = "locked";
else if(prefBranch.prefHasUserValue(prefArray[i]) != 0)                        
     prefLockState = "user set";

with that change r=srilatha on the js file.

Comment 85

17 years ago
Sorry to barge in. There's no need to note that `0 == false', that's a common
idiom. In fact, this would probably read more easily if you left out the |!= 0|
altogether, and just had

       prefLockState = "locked";
  else if(prefBranch.prefHasUserValue(prefArray[i]))
       prefLockState = "user set";

Just my $0.02. Haven't looked at the rest of the patch.

Comment 86

17 years ago
[s]r=hewitt on the outliner stuff
can you attach a final patch?

Comment 88

17 years ago
Looks good. sr=waterson. I suspect the first RFE we're going to get on this will
be for the ability to print this... ;-)

Comment 89

17 years ago
Created attachment 47539 [details] [diff] [review]
diff as per request by Seth & David
Looks ok for 0.9.4, sorry I didn't approve earlier.  A couple of nits that I
hope you'll pick; feel free to post a really-final patch.
in any event.


+        k = (i + 1 - j);   // avoid numbering "capability" prefs

and later

+        arr[k-1] = {indexCol:prefIndex, prefCol:prefArray[i],
lockCol:prefLockState, typeCol:prefTypeName, valueCol:prefValue};

in the same loop does extra operations needlessly (i >= j so i-j >= 0 => k > 0,
so there's no need to bias k by 1).  When you finally do want k to be one more
than its maximum value as an index into arr[], just add one there:

+    view.rowCount = k + 1;

+        prefType = prefBranch.getPrefType(prefArray[i]);
+        if(prefType == 32)
+        {
+            prefTypeName = "string";
+            prefValue = prefBranch.getCharPref(prefArray[i]);
+            prefValue = htmlEscape(prefValue);
+        }
+        else if (prefType == 64)
+        {
+            prefTypeName = "int";
+            prefValue = prefBranch.getIntPref(prefArray[i]);
+        }
+        else if (prefType == 128)
+        {

Shouldn't you use the PREF_BOOL, etc. manifest constants here?  Also, consider
using a switch statement.

This is crashing for me if I use about:config the second time.
1. Type about:config
2. Load another page
3. type about:config again -> crash

win2k build 20010901.. (CVS opt)

Comment 92

17 years ago
Chip, why were all of the new files NPL'd?

Comment 93

17 years ago
Verified Matti's crash (on Mac). Opened as bug 98207.

Comment 94

17 years ago
The bits were checked in Friday at 11pm by Brian Nesse (thanks Brian!)

Changes to "var k" and putting in a switch (rather than else if) were part of
this fix - however, I could not figure out how to get javascript to understand
the defines in nsPrefBranch for PREF_BOOL, PREF_INT & PREF_CHAR

As to the NPL question - I used the same "license" header as found in all the
other about: functions.

While there is a new bug 98207 as a result of this "fix" - it is possibly
related to either JS or XUL so I am marking this fixed.
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 95

17 years ago
you probably wanted to use 

or, easier:
const nsIPrefBranch = Components.interfaces.nsIPrefBranch

and then use

and so forth.
For future reference, will be providing a "what license to use on
new files" doc soon, and the license will be a dual MPL/LGPL whose boilerplate
will be published shortly.  Anyway, stay tuned.  For now, using NPL if you are a is ok.


Comment 97

17 years ago
Filed bug 98667 -- this is not working on Linux (chokes on a particular linux 
pref name).

Comment 98

17 years ago
> I even think outliner has support for in-place editing, so later on you could 
> add in place editing of prefs (like all the hidden prefs we tell users to edit 
> by hand)

UI for editing arbitary prefs is bug 17199.
now implemented; vrfy fixed with 2001.09.04 bits.


17 years ago
Blocks: 68946


15 years ago
Whiteboard: requesting r & sr
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.