Closed
Bug 935694
Opened 12 years ago
Closed 12 years ago
SecReview: CodeMirror in Devtools
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
VERIFIED
FIXED
Due Date:
People
(Reporter: mgoodwin, Assigned: mgoodwin)
References
Details
(Whiteboard: [completed secreview][score=high] u= c= p=1 s=sprint 2)
Who is/are the point of contact(s) for this review?
Anton Kovalyov
Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
Replacement of Orion with CodeMirror in devtools
Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
See bug 816756
Does this request block another bug? If so, please indicate the bug number:
Yes, bug 816756
This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
High - a bunch of this code is already landed
To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal?
-
Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
Yes. Firefox (desktop)
Will your application/service collect user data?
No.
|
||
Updated•12 years ago
|
Assignee: nobody → mgoodwin
|
||
Comment 1•12 years ago
|
||
For what it's worth, Google also did a security review to use CodeMirror in the Chrome devtools about a year ago. The big concern at the time was the use of `innerHTML`, which lead to [this patch](https://github.com/marijnh/CodeMirror/commit/0f44da049a11) by @repenaxa, making CodeMirror use DOM bindings and fragments instead of `innerHTML`.
|
Assignee | |
Comment 2•12 years ago
|
||
(In reply to Jan Keromnes [:janx] from comment #1)
Thanks, Jan, that's useful information.
|
|
||
Updated•12 years ago
|
Due Date: 2013-11-22
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [pending secreview][score=high] u= c= p=1 s=ready → [in-progress secreview][score=high] u= c= p=1 s=ready
|
|
Assignee | |
Comment 3•12 years ago
|
||
Reviewed as per: https://hg.mozilla.org/mozilla-central/rev/8db3d638ccd1
Looking at changes subsequent to: https://bugzilla.mozilla.org/show_bug.cgi?id=816756#c42
|
|
Assignee | |
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [in-progress secreview][score=high] u= c= p=1 s=ready → [completed secreview][score=high] u= c= p=1 s=ready
|
|
||
Comment 4•12 years ago
|
||
Excellent! Mark, do you know if updating CodeMirror to a newer major release will require an additional SecReview? (CodeMirror v4 is in the pipes)
|
|
Assignee | |
Comment 5•12 years ago
|
||
(In reply to Jan Keromnes [:janx] from comment #4)
> Excellent! Mark, do you know if updating CodeMirror to a newer major release
> will require an additional SecReview? (CodeMirror v4 is in the pipes)
Just sec-review ? me when there's a bug for that and I'll take a look. Probably doesn't need full review - but I'll let you know if that changes.
|
|
||
Updated•12 years ago
|
Whiteboard: [completed secreview][score=high] u= c= p=1 s=ready → [completed secreview][score=high] u= c= p=1 s=sprint 2
|
|
Assignee | |
Updated•12 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•