Security/Reviews/ModuleLoader
From MozillaWiki
Please use "Edit with form" above to edit this page.
Item Reviewed
Module Loader | |||||||||||||
Target |
2 Total; 0 Open (0%); 1 Resolved (50%); 1 Verified (50%); |
The given value "
ID | Summary | Priority | Status |
---|---|---|---|
743359 | Land module loader to firefox | P1 | RESOLVED |
756491 | SecReview: Land module loader to firefox | -- | VERIFIED |
2 Total; 0 Open (0%); 1 Resolved (50%); 1 Verified (50%);
" contains strip markers and therefore it cannot be parsed sufficiently.Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- we are using a module loader that is similiar to what is used by Node.js
- long term goal is to land SDK to Firefox
- landing this first, then api then sdk
- this would allow jetpack items to use the module loader (currently shipped with each add-on)
- Loader instance won't be shared across add-on instances just a code to create loaders
- Blacklists Components from sandboxes we create
https://bugzilla.mozilla.org/show_bug.cgi?id=747434
- We will be able to visualize capabilities graph for add-on reviewers like this:
What solutions/approaches were considered other than the proposed solution?
- keep it as is
Why was this solution chosen?
- better for performance and smaller add-ons
Any security threats already considered in the design and why?
- uses SubscriptLoader() so remote modules will not be loaded.
Threat Brainstorming
'
Property "SecReview feature goal" (as page type) with input value "* we are using a module loader that is similiar to what is used by Node.js
- long term goal is to land SDK to Firefox
- landing this first, then api then sdk
- this would allow jetpack items to use the module loader (currently shipped with each add-on)
- Loader instance won't be shared across add-on instances just a code to create loaders
- Blacklists Components from sandboxes we create
https://bugzilla.mozilla.org/show_bug.cgi?id=747434
- We will be able to visualize capabilities graph for add-on reviewers like this:
Action Items
Action Item Status | None |
Release Target | ` |
Action Items | |
' |