Now I’ve started spending a lot more time working on Mozilla things, I’ve started doing a weekly status report for Frank. I’m also going to post it here (well, most of it :-) in case it’s of interest.
This Week
- Continued to knock the list of outstanding CA applications into shape
- Started a discussion on whether we should admit “regional CAs”
- Got on top of my mail backlog, and started to knock off a few longer term mini-projects
- Tried to do some textual analysis on the contents of the mozilla.feedback newsgroup (from Hendrix)
- Found some people to maintain the Effective TLD list
- Worked on b.m.o. security group reorganisation proposal (discussion in mozilla.dev.security)
- Tried out Passpet Firefox extension; couldn’t get it working
- Participated in EV discussions in mozilla.dev.security
- Submitted proposal to talk at OSCON – “Beyond the Lock: Browser Security UI For The Distracted”, in cooperation with Mike Beltzner
Next Week
- Will begin to evaluate actual CA requests
- Hope to get started on master list of CAs (blocked on getting format and list of required info from Frank)
- Work on Content Restrictions patch as part of Firefox 3.0 (waiting for design help from dveditz)
Does anyone have a Wiki-to-HTML bookmarklet?
Content Restrictions … interesting stuff.
For “script”, I think “same host”, “same domain” (-> use effective TLD service) and “same path” (implies same host) should be added.
Also, it becomes clear that there’s no straight hierarchy. You would have three groups: source (internal, external), position (head) and origin (domain, host, path). Either you define three names or you allow to combine the value groups, e.g.: script=external+host+head
Ok, there’s already “domain” … I should have read to the end before posting. However, I wouldn’t want to restrict “all requests initiated by the page” but only scripts.
Dao: but what about web bugs? It’s not only script which can be XSSed into a page to do nasty-ish things.
You are right – it would make good sense to split up script location and script in-page position.
“Does anyone have a Wiki-to-HTML bookmarklet?”
Actually, I don’t, but you may be interested in Wiki2Xhtml
http://www.fgranger.com/dotclear/index.php/tag/wiki2xhtml
–Tristan