Closed Bug 756591 Opened 8 years ago Closed 7 years ago
safebrowsing should prevent activation event
We need to have some blocklist support for manifest files, including the ability to disable previously installed manifests if they end up in a blocklist
I guess this blocking will be implemented per origin rather than the full URL to the manifest (ie, so a domain we want to block can't just move the manifest to somewhere else on the domain and have it work?) Under this assumption, I'm marking this as dependent on bug 756021 (which is where we are deciding exactly what the "origin" is in this world)
Depends on: 756021
implemented testing against safebrowsing for loading remote manifest files, pushed in change https://github.com/mozilla/socialapi-dev/commit/e668ec63bb4e942fae6bbb36c2261c9f8caa76c6 We probably also want a more direct blocklist like AMO, or potentially even using the AMO blocklist directly. We also need to consider when to recheck manifest files that made their way into the db, in case one later becomes a problem.
This is not a feature of v1 landing, not a blocker
Severity: blocker → normal
Should this be duped to bug 755126 then? What would need to be done here that isn't included in 755126?
The one item here that isn't in bug 755126 is the safebrowsing support we used early on. The benefit here would be to prevent activation from any site that gets a hit in safebrowsing. Another potential use would be to softblock any installed provider that gets a hit in safebrowsing.
Summary: blocklist support for manifests → safebrowsing should prevent activation event
I don't really understand the new summary - safebrowsing doesn't let you load pages on the blacklist at all, so there's no additional work required to "prevent the activation event".
short talk with gavin, this isn't necessary.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.