Weekly Status 2007-03-16

This Week

  • Prepared Mozilla project application form for Summer of Code, before finding out chofmann had already done it :-)
  • Created/updated wiki pages to support our SoC effort (official list, idea brainstorming, potential mentors list)
  • Confirmed involvement of the Bugzilla project and mozdev in SoC
  • Made further enquiries of 2006 mentors and participants in order to write my “6 months on” report
  • Summarised results of discussion and presented a proposal for off-topic cancels in support newsgroups
  • Gathered confirmations from several CAs and turned them green on the list
  • Began review of QuoVadis root CA certificate inclusion request, as they were first to reply
  • Inquired about the technical feasibility of restricting government roots to one TLD
  • Engaged in design review in newsgroup for Content Restrictions
  • Started investigation of the possibility of using a lightweight Public Domain Dedication for simple testcases in the Mozilla tree

Next Week

  • “A CA a day keeps the doctor away”
  • Push people to suggest SoC ideas, and triage them to the official list; student submission deadline is 24th March
  • Implement off-topic cancel proposal (unless there are serious problems)
  • Further work on Content Restrictions

4 thoughts on “Weekly Status 2007-03-16

  1. Re the work on Content Restrictions. We really need a way of embedding (i)frames into pages and preventing them from accessing their parent frame.

  2. Ian: Same domain iframes, presumably, where you have control of the serving of the content inside the iframe? If so, it has that – see what is currently called the “hierarchy” restriction (in version 0.9.2).

  3. Gerv,

    Sorry, I meant cross-domain iframes in particular, so that we can embed frames of content from other websites and put them safely in our page without risk of them being able to change the content of our page or redirect our page somewhere else.

    Internet explorer has the non-standard security=restricted attribute, but this sucks as it uses the flawed IE concept of zones. I think simply preventing a frame accessing the DOM of the parent would be sufficient – it would be nice if this could be standardised within WHATWG/W3C.

    A live web use-case would be Yahoo! images, where they display a frame with information about the website, and show the website in a frame below. They use the IE security=restricted attribute.

    Another example is an internal company tool I wrote recently to cycle through a list of blog posts, and mark them as spam or not spam. I wanted to embed the documents in a frame/iframe, but some spammy ones would redirect me away from my tool. In the end I had to use the security=restricted attribute for IE, and for Firefox I make it a link instead. It’s a horrible feeling to not only have to use IE for something, but having wrote it too :(