SecReview tracking bug Actions regarding the review of the dependent bug should be tracked here.
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings Priority: 2 (P4) - Team Quarterly Goal Operational: 0 - N/A User: 5 - Blocker Privacy: 5 - Blocker Engineering: 3 - Major Reputational: 3 - Major Priority Score: 32
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [pending secreview][start 04/10/2012][target 11/10/2012]
Whiteboard: [pending secreview][start 04/10/2012][target 11/10/2012] → [pending secreview][start 04/10/2012][target 11/10/2012][Score:35:Medium]
Who is/are the point of contact(s) for this review? -- Dave Camp (email@example.com) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): -- New implementation of the HTML tree. Solves a few problems the old one did not: * Responding to mutation events * Full attribute editing * Undo/redo Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description: -- https://wiki.mozilla.org/DevTools/Features/HTMLTreeEditor Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? -- Firefox only. Are there any portions of the project that interact with 3rd party services? -- Nope. Will your application/service collect user data? If so, please describe -- Nada. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): -- Like many of the developer tool features, we do a lot of reflecting back of unsafe data in the UI, so attention should be paid to how we expose that data. There's one little bit in particular that I'd like feedback on: when a user edits an attribute, we do some parsing in _applyAttributes(). We should make sure that's safe.
I've reviewed the code for this (and spoken to Dave) and have no concerns; I see no need for team review; closing out.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start 04/10/2012][target 11/10/2012][Score:35:Medium] → [completed secreview]
You need to log in before you can comment on or make changes to this bug.