Closed
Bug 776477
Opened 11 years ago
Closed 6 years ago
[meta] about:newtab should be unprivileged
Categories
(Firefox :: New Tab Page, defect)
Firefox
New Tab Page
Tracking
()
RESOLVED
FIXED
People
(Reporter: ttaubert, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: meta, Whiteboard: [tracking])
The new tab page should be unprivileged as that would be better for a couple of security reasons and we could allow javascript: links and bookmarklets on the page. We can easily register the page with the JSM as we do now and let the JSM handle all privileged code for us. Communicating via messages we can receive links, pin/unpin sites, etc. I took a quick stab at it and there are two problems: 1) It currently is a XUL page because of better RTL handling - bug 455553 comment #96. Since we disabled remote XUL it's disabled for unprivileged pages. 2) We'll need a content script to communicate between the message managers. I'm not sure how the communication between the content script and the unprivileged page itself works.
|
||
Updated•11 years ago
|
Assignee: nobody → andres
|
Reporter | |
Comment 1•11 years ago
|
||
(In reply to Tim Taubert [:ttaubert] from comment #0) > 1) It currently is a XUL page because of better RTL handling - bug 455553 > comment #96. Since we disabled remote XUL it's disabled for unprivileged > pages. Looks like we need to turn about:newtab into an HTML page (see bug 783478 comment #5) in order to make it unprivileged.
|
||
Comment 2•11 years ago
|
||
(In reply to Tim Taubert [:ttaubert] from comment #1) > Looks like we need to turn about:newtab into an HTML page (see bug 783478 > comment #5) in order to make it unprivileged. Not necessarily true - see bug 783478 comment 9.
|
|
||
Updated•10 years ago
|
Assignee: andres → nobody
I hate to bump this, I know you are very busy Tim. I've attached a patch in a bug blocked by this, with the hope of fixing a limitation with the current "new tab page"-implementation. Is this still possible to fix?
Flags: needinfo?(ttaubert)
|
|
Reporter | |
Comment 4•10 years ago
|
||
It is definitely possible to fix this but it will require a non-trivial amount of work. It's not currently on our roadmap but I'll gladly take and review patches. This might be a little trickier than just re-writing a XUL page to be written in HTML, so be warned.
Flags: needinfo?(ttaubert)
|
|
Reporter | |
Updated•10 years ago
|
Blocks: fxdesktopbacklog
Whiteboard: [triage]
|
||
Updated•10 years ago
|
Whiteboard: [triage]
|
|
||
Updated•9 years ago
|
Whiteboard: p=0
|
||
Comment 5•9 years ago
|
||
Mass tracking-e10s flag change. Filter bugmail on "2be0fcce-e36a-4e2c-aa80-0e3d33eb5406".
tracking-e10s:
--- → +
|
|
||
Updated•9 years ago
|
No longer blocks: fxdesktopbacklog
Flags: firefox-backlog+
|
||
Updated•9 years ago
|
|
|
||
Updated•9 years ago
|
Flags: firefox-backlog+
Whiteboard: p=0 → [tracking]
|
||
Comment 6•9 years ago
|
||
Mass-move to Firefox::New Tab Page. Filter on new-tab-page-component.
Component: Tabbed Browser → New Tab Page
|
|
||
Updated•9 years ago
|
Flags: firefox-backlog+
|
||
Updated•9 years ago
|
Keywords: meta
Summary: [New Tab Page] about:newtab should be unprivileged → [meta] about:newtab should be unprivileged
|
||
Comment 7•9 years ago
|
||
Is this work prioritized somehow? With content services making about:newtab more useful, it becomes stranger and stranger that users can't use the back button to get back to it.
|
|
||
Updated•9 years ago
|
Flags: firefox-backlog+
How is this prioritized now that e10s is about to ship more widely ?
|
|
||
Comment 9•7 years ago
|
||
(In reply to Guillaume C. [:ge3k0s] from comment #8) > How is this prioritized now that e10s is about to ship more widely ? I think the question of about:newtab being unprivileged is orthogonal to e10s.
|
||
Comment 10•6 years ago
|
||
Care to close this as fixed/wontfix with the work in bug 776167? Or dupe to the Activity Stream work which is making about:newtab unprivileged?
Flags: needinfo?(gijskruitbosch+bugs)
|
|
||
Comment 11•6 years ago
|
||
(In reply to Jared Wein [:jaws] (please needinfo? me) from comment #10) > Care to close this as fixed/wontfix with the work in bug 776167? Or dupe to > the Activity Stream work which is making about:newtab unprivileged? This was bug 1021667. Given this is a meta bug and that bug is in the dep tree, I think we can just close this out. Ursula, can you confirm you're still intending to ship to all users in 56? Is there a timeframe for removing old-about-newtab?
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox55:
--- → wontfix
status-firefox56:
--- → fixed
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(usarracini)
Resolution: --- → FIXED
|
||
Comment 12•6 years ago
|
||
We'll be shipping preff'ed off to all users in 56, and then using a shield study we'll preff activity stream on to a percentage of users in 56. We'll be preff'ed on for all users in 57. I agree, close this out, since it won't be happening for old about:newtab anymore. So far we don't have a set time frame for removing old about:newtab, but it will definitely be post-57 at the earliest. Until then though, I don't actually see any more work being done on old about:newtab so we can definitely close this one out. As a side note, bug 1385306 will finalize making activity stream unprivileged. Thanks Gijs!
Flags: needinfo?(usarracini)
You need to log in
before you can comment on or make changes to this bug.
Description
•