Status

task
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: curtisk, Assigned: mgoodwin)

Tracking

Details

(Whiteboard: [completed secreview], )

SecReview tracking bug
Actions regarding the review of the dependent bug should be tracked here.
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings

Priority: 2 (P4) - Team Quarterly Goal

Operational: 0 - N/A
User: 5 - Blocker
Privacy: 5 - Blocker
Engineering: 3 - Major
Reputational: 3 - Major

Priority Score: 32
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [pending secreview][start 04/10/2012][target 11/10/2012]
Whiteboard: [pending secreview][start 04/10/2012][target 11/10/2012] → [pending secreview][start 04/10/2012][target 11/10/2012][Score:35:Medium]
Duplicate of this bug: 797052
Blocks: 777085
Who is/are the point of contact(s) for this review?
--

Dave Camp (dcamp@mozilla.com)

Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
--

New implementation of the HTML tree.  Solves a few problems the old one did not:
* Responding to mutation events
* Full attribute editing
* Undo/redo

Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
--
https://wiki.mozilla.org/DevTools/Features/HTMLTreeEditor


Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
--

Firefox only.

Are there any portions of the project that interact with 3rd party services?
--
Nope.

Will your application/service collect user data? If so, please describe 
--
Nada.

If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
--

Like many of the developer tool features, we do a lot of reflecting back of unsafe data in the UI, so attention should be paid to how we expose that data.

There's one little bit in particular that I'd like feedback on: when a user edits an attribute, we do some parsing in _applyAttributes().  We should make sure that's safe.
I've reviewed the code for this (and spoken to Dave) and have no concerns; I see no need for team review; closing out.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start 04/10/2012][target 11/10/2012][Score:35:Medium] → [completed secreview]
You need to log in before you can comment on or make changes to this bug.