Firefox/Meeting/06-Nov-2018
Contents
- 1 Friends of the Firefox team
- 2 Project Updates
- 2.1 Activity Stream
- 2.2 Add-ons / Web Extensions
- 2.3 Application Services (Sync / Firefox Accounts / Push)
- 2.4 Browser Architecture
- 2.5 Developer Tools
- 2.6 Fission
- 2.7 Fluent
- 2.8 Lint
- 2.9 NodeJS
- 2.10 Performance
- 2.11 Policy Engine
- 2.12 Privacy/Security
- 2.13 Search and Navigation
- 2.14 Test Pilot
- 2.15 Web Payments
- 3 This week I learned
Friends of the Firefox team
Introductions
- mconley introduces Andrew Creskey (:acreskey)
Resolved bugs (excluding employees)
- Fixed more than one bug
- :Matthias Kammüller
- :prathiksha
- Ariel Burone
- Arshad Kazmi [:arshadkazmi42]
- Collin Wing
- Heng Yeow (:tanhengyeow)
- Jonas Jenwald [:Snuffleupagus]
- Oriol Brufau [:Oriol]
- Qinghao Song
- Tim Nguyen :ntim
New contributors (🌟 = first patch)
- 🌟 Adam Holm cleaned up the styling of the input fields in the Network Monitor’s Edit and Resend interface
- 🌟 Heng Yeow (:tanhengyeow) fixed up some CSS in the Network Monitor, made it possible to display the Referrer Policy for a given request, made it so that cancelling Edit and Resend sends the user back to the Headers panel and updated the mappings of errors to MDN docs!
- 🌟 Zameer improved the contrast of the HTTP status code display in the Network Monitor Header panel
- 🌟 lba_2 fixed some Learn More links and polished up some CSS in the Network panel
- 🌟 rishabhjairath switched tabbrowser.js to using Services.uriFixup rather than a member variable pointing at that service
- 🌟 Sam re-ordered about:crashes to put unsubmitted reports back at the top
- Jack Song ported the About dialog and the Update History section of Preferences to Fluent
- 🌟 Vineeth Karra cleaned up some tabbrowser.js JavaScript that was using gBrowser instead of this
Project Updates
Activity Stream
Investigate newtab page changes through telemetry pings. The aim is to identify malicious takeovers
There is a way to turn off recommendations from CFR
- General -> Browsing
Add-ons / Web Extensions
- Extensions got finer control over context menus.
- Fallout from the updated about:addons appearance got cleaned up.
- Extension created protocol handlers no longer display a prompt if one is not necessary.
- Part of about:addons got converted to Fluent. Some other cruft was cleaned up along the way. Thanks to the MSU students working on this!
- Arshad fixed browser.downloads.download() so that calling it with the saveAs option no longer fails on Android.
- Piro fixed a quirk with browser.tabs.closeWindowWithLastTab.
Application Services (Sync / Firefox Accounts / Push)
- The team is working on Android components for syncing and storing bookmarks 📚 and history 🕒. The library is written in Rust, with an FFI for Java and Kotlin, and a schema based closely on Places 🦀.
- Edouard is working on a device pairing flow for Firefox Accounts, for a better sign-in experience that lets you scan a code on an existing device instead of typing your password everywhere 📱🔒.
Browser Architecture
- XBL in content has been taking nosedives lately thanks to removing XBL definitions for keybindings and the datetime bindings.
- Only around a third (35%) of XBL bindings remain.
- XUL/XBL replacement newsletter #9 posted.
Developer Tools
Debugger Panel
- David: Support for XHR Breakpoints (pause on specific URL or on any URL)
- David: Column Breakpoints (pausing on specific locations within a line)
Console Panel
- Nicolas: Better stack-traces (sharing React components with the Debugger)
Design Tools
- Gabriel: Multiple grid highlight support (1317102)
- New! Track Changes side panel
Network Panel
- Edit & Resend panel redesign
- Displaying Referrer Policy (spec, bug 1496742)
- Bunch of contributions from Outreachy applicants.
Fission
Bug 1493984 - The Fission-aware messaging simulation landed
- browser.fission.simulate = true
- (only covers code in browser/actors and toolkit/actors)
- Bug 1496840 (soon) - <browser>.browsingContext
- Bug 1503984 (soon) - Add a pref to return null on cross-origin iframe access
- Watch out for a “Fission for the front-end” session in Mozlando. Date/time TBD.
Fluent
Lint
- JSMs now have the same interfaces exposed to them as windows have (at least for WebIDL inclusions). However, we’ve not changed this in ESLint yet, for now update the globals list in tools/lint/eslint/eslint-plugin-mozilla/lib/environments/jsm.js
Work ongoing for enabling ESLint on more core directories.
- Landed NetUtils.jsm & netwerk/cookie, netwerk/dns, netwerk/protocol, parts of docshell
- Bugs in progress for parser, module, more netwerk.
NodeJS
Performance
felipe
- Landed the browser_tabdetach.js reflow test
- Tab Animations
- Hoping to have some new try builds by the end of the week which should have all of the animation cases covered
Been investigating why some (or all) of the animations frames seem to be dropped on the weak 2018 Quantum reference hardware
- Tentatively better results by using promiseDocumentFlushed to wait for layout to flush before kicking off the animation on the compositor
florian
- about:performance
- QA is spinning up to test the new Task Manager tool
- We’re going to be hiding some of the more confusing / unactionable things for release channel users (like system add-ons, preloaded about:newtab, ghost windows, Firefox itself)
- Have kicked off an experiment to try to get a crashstats-like list of “Top X hangs” from BHR. Feedback welcome!
- about:performance
Gijs
- Browser adjustment experiment
Initial testing suggests potential for up to 10% improvement by just decreasing the frame rate on low-end machines (ie 2018 reference device).
- This seems to affect pages that expect more reliable performance of requestAnimationFrame, and might make the user more fingerprint-able
- Working with rjesup, Bas and smaug to find an appropriate window of time to lower the frame rate
- Reduce useless about:blank loads
- Browser adjustment experiment
mconley
- Separate Activity Stream content process landed!
- Nightly-only right now, and I’ve queued up a security review
- Investigating some Talos regressions
- browser-tabsintitlebar.js re-work just landed on inbound! This means no more flushing layout when opening new windows.
- Separate Activity Stream content process landed!
Policy Engine
Landed for 64:
- Certificate installation
- Locale switching
- Browser startup page
- Working on ESR uplift
Privacy/Security
Since they are all over the internet already, have a look at our new UI/UX specs for anti-tracking (content blocking) in 65:
- We removed a bunch of old content blocking configuration prefs, code and UI that wasn’t needed anymore. Good riddance.
- jkt made it so that we no longer fall back to system principal in docshell.
- Prathiksha updated the storage permission prompt to make a lot more sense.
- Baku made sure that we clean up cookies and site data when the user has enabled session lifetime globally.
- Erica made the “Keep Until” menu in the Site Data section of about:preferences a checkbox instead.
- Erica gave the content blocking exception button in the identity popup a style refresh.
Search Shortcuts
- One-off buttons are now hidden when using a shortcut (Bug 1498023)
- Separated shortcuts telemetry from generic search telemetry (Bug 1499193)
- Shortcuts stay in the address bar when selecting search suggestions (Bug 1500516)
Quantum Bar
Heads-up, address bar changes!
- Some restriction characters changed: “~” has been removed, you can now match only urls using “$” instead of the “@”, and you can restrict matches to search suggestions using “?” instead of “$” (1499743). Note: we’re evaluating uplifting these changes to 64.
- The browser.urlbar.history.onlyTyped preference has been removed (1500108)
- The browser.urlbar.matchBehavior preference has been removed (Bug 1500138)
- We plan to remove the browser.urlbar.autocomplete.enabled pref (Bug 1502392)
- Added one-off buttons stub (Bug 1502455)
- Landed initial code to filter matches (Bug 1502385)
- Moved various functions from the window scope to UrlbarUtils.jsm (1502039)
- Moved isTabEmpty() to tab.isEmpty (Bug 1502069)
- Added APIs to allow porting more easily existing address bar tests. (Bug 1494334, Bug 1501270)
- Fixed identity popup opening (Bug 1499652)
Test Pilot
- Two new experiments shipping next week: email tabs, price-wise (comparison shopping)
- Side View headed to Shield
Web Payments
- Live user testing with some U.S. participants started yesterday and continues through this week.
Fixed
In Progress
- Handle moving/detaching tabs between windows when a Payment Request is showing
- An invalid credit card number stored in our autofill database blocks usage of the edit address and credit card dialogs
- Billing address information isn't displayed in the received response
- Original Billing Address is pre-selected after returning from the "Edit Billing Address" screen via "Back" button
- Move hard-coded `supportedRegions` array to a pref to allow developers outside US/CA to test PaymentRequest
This week I learned
- [MattN] `new (Cu.getGlobalForObject(Services).Object)` will create an object in the JSM global which is useful to not leak a browser window when an object is needed across windows e.g. after a tab detach. This came from mconley’s IRC discussion debugging a leak with other useful tips.
- [MattN] It’s possible to deep-link into Mojave Privacy preference sections using undocumented URIs. This is useful if you need the user to grant Firefox permission there. Example: Run this in the terminal on Mojave: `open x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles`
[felipe] DevTools has a useful memory tool with lots of information, and it can target the Browser context.
- Julien Wajsberg wrote to fx-dev asking for feedback on it
- Tree Map:
- GC Roots graph:
-
- It can even compare snapshots
- Bug 1489301 - Consider allowing Window-exposed interfaces to be used in System-exposed interfaces (as mentioned in the eslint section)