Changes

Jump to: navigation, search

Roadmap Scratchpad

20 bytes added, 00:11, 8 November 2005
m
Miscellaneous platform improvements
The security model for web content relies on careful management of trust labels, the mixing of which has long been known to security researchers as a source of significant danger. Also, Gecko's support for content with elevated privileges, derived from the Java privilege model from the time of Netscape 4, does not sufficiently distinguish between web applications that can be trusted not to spoof application UI or attempt to "drive by" extension installation, and those that seek to run arbitrary code on the host machine or perform unrestricted operations on the local filesystem. Building on successful research from the programming-language security community; lessons from Java and .NET; and our own person-centuries of experience building and reinforcing web security models, we seek to provide a richer and more reliable model of trusted execution, and especially "partially-trusted" execution.
Extensions have proven to be a very valuable mechanism for extending and improving Firefox and other "toolkit" applications. More sophisticated dependency handling, streaming or stubbed install, and cross-application extension management will be combined with support for additional types of extensions such as language packs and search tools. Combined with application-level improvements in overlay-point freezing or and other such advancements, these should provide significant benefits to developers of extensions to Gecko 1.9-hosted applications.
The development of rich web applications requires sophisticated debugging and analysis tools, and this extends to applications built on web-like platforms like such as Gecko. Mozilla has provided tools such as including the Venkman JavaScript debugger and the DOM Inspector to assist developers of such applications, and we will continue to make improvements in Gecko to support corresponding improvements in these and similar tools. While we do not anticipate the development of a fully -integrated Mozilla development environment, and we do not feel believe that such IDEs are in wide use by web-application developers, we will undertake to support the development of such tools through improved introspection and debugging interfaces. The [[#JavaScript_2"|JavaScript 2]] work includes such debugging improvements, and we will roll the layout-interface elements of the DOM Inspector into Gecko proper to facilitate the development and distribution of such introspection tools. Projects such as Eclipse may also be served by the inclusion of additional language bindings, as we plan to do for [[#Python_for_XUL|Python]].
* Security model improvements
* Extension manager
* Tooling support
Confirm, emeritus
419
edits

Navigation menu