Closed Bug 780507 Opened 12 years ago Closed 12 years ago

Expose the idle API only to certified apps

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla17

People

(Reporter: justin.lebar+bug, Assigned: justin.lebar+bug)

References

Details

Attachments

(1 file)

The idle API is currently available to all webpages. But per recent discussions on the mailing lists (dev-webapi, "should the idle service be exposed to the unprivileged web?"), we should only expose it to certified apps (and chrome).
Assignee: nobody → justin.lebar+bug
Attached patch Patch, v1Splinter Review
Attachment #649169 - Flags: review?(mounir)
Depends on: 780547
This passes the two idle API tests locally, but just in case: https://tbpl.mozilla.org/?tree=Try&rev=87837531db53
Comment on attachment 649169 [details] [diff] [review] Patch, v1 Review of attachment 649169 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/base/Navigator.cpp @@ +653,5 @@ > nsCOMPtr<nsPIDOMWindow> win = do_QueryReferent(mWindow); > NS_ENSURE_TRUE(win, NS_ERROR_UNEXPECTED); > + > + nsCOMPtr<nsIScriptObjectPrincipal> winSOP = do_QueryInterface(win); > + NS_ENSURE_TRUE(winSOP, NS_ERROR_UNEXPECTED); What about using NodePrincipal() from window->GetExtantDocument()?
Attachment #649169 - Flags: review?(mounir) → review+
Blocks: 780547
No longer depends on: 780547
(In reply to Justin Lebar [:jlebar] from comment #0) Yeah. And even for privileged Web apps, I would prefer prompting the user whether to disclose the info. Or the warning when the user knights a page as privileged app has to be very clear about the implications.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17
Idle Timer stop working with System app this morning ... would it be possible because of this bug? |dump(navigator.addIdleObserver);| still return a function though and there were no JavaScript errors.
(In reply to Tim Guan-tin Chien [:timdream] (MoCo-TW) from comment #7) > Idle Timer stop working with System app this morning ... would it be > possible because of this bug? |dump(navigator.addIdleObserver);| still > return a function though and there were no JavaScript errors. Were there JS errors when you /called/ the function? Is the system app a certified app?
(In reply to Justin Lebar [:jlebar] from comment #8) > (In reply to Tim Guan-tin Chien [:timdream] (MoCo-TW) from comment #7) > > Idle Timer stop working with System app this morning ... would it be > > possible because of this bug? |dump(navigator.addIdleObserver);| still > > return a function though and there were no JavaScript errors. > > Were there JS errors when you /called/ the function? There wasn't. > Is the system app a certified app? I would be surprised if it's not. How do I check that?
Depends on: 781076
Summary: Expose the idle API only to privileged apps → Expose the idle API only to certified apps
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: