Closed Bug 787481 Opened 12 years ago Closed 12 years ago

SecReview: HTML Tree editor


( :: Security Assurance: Review Request, task)

Not set


(Not tracked)



(Reporter: curtisk, Assigned: mgoodwin)




(Whiteboard: [completed secreview])

SecReview tracking bug
Actions regarding the review of the dependent bug should be tracked here.
Risk/Priority Ranking Exercise

Priority: 2 (P4) - Team Quarterly Goal

Operational: 0 - N/A
User: 5 - Blocker
Privacy: 5 - Blocker
Engineering: 3 - Major
Reputational: 3 - Major

Priority Score: 32
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [pending secreview][start 04/10/2012][target 11/10/2012]
Whiteboard: [pending secreview][start 04/10/2012][target 11/10/2012] → [pending secreview][start 04/10/2012][target 11/10/2012][Score:35:Medium]
Blocks: 777085
Who is/are the point of contact(s) for this review?

Dave Camp (

Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):

New implementation of the HTML tree.  Solves a few problems the old one did not:
* Responding to mutation events
* Full attribute editing
* Undo/redo

Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:

Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?

Firefox only.

Are there any portions of the project that interact with 3rd party services?

Will your application/service collect user data? If so, please describe 

If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):

Like many of the developer tool features, we do a lot of reflecting back of unsafe data in the UI, so attention should be paid to how we expose that data.

There's one little bit in particular that I'd like feedback on: when a user edits an attribute, we do some parsing in _applyAttributes().  We should make sure that's safe.
I've reviewed the code for this (and spoken to Dave) and have no concerns; I see no need for team review; closing out.
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start 04/10/2012][target 11/10/2012][Score:35:Medium] → [completed secreview]
You need to log in before you can comment on or make changes to this bug.