Component Security PRD
Overview
This document is for all intents and purposes a PRD for Component Security, aka Non-Crypto JavaScript Security. It is a work in progress, and shall be updated periodically. Okay, on with the show...Major Features
The Major Features which either have been or are slated to be completed are listed below. Format of listing may change, as well as additional explanatory information of each feature.- Backend for DOM Security Policy Enforcement - completed
- Backend for Site-Specific Security Policy Enforcement - completed
- JAR Protocol-based signed scripts - completed
- Setting privileges based on various levels of granularity
- Currently, privileges are set per-host or per-file - completed
- Need ability to set privileges on domain, host, directory, or file
- Better security model for XPConnect
- Current XPConnect security model is all-or-nothing access
- Since DOM is moving to XPConnect, we need the ability to control XPConnect access per-interface and per-function or property.
- UI for Prefs panel (Site Specific Preferences) [Blocking popus & other annoyances]
- [superset of Microsoft's security zones model]
- UI based user control over DOM access for websites
Minor (but important) Features
Ditto explanation of "Major Features" for "Minor Features".- Master Certificate Function aka Privilege Insertion Function - completed (see Master Certificate API)
- System principal certificate and API - completed
- Backwards compatible Signed Scripts (4.x syntax) - Bug 37333
Return to Component Security main page