diff options
author | Matěj Cepl <mcepl@redhat.com> | 2011-04-28 14:28:10 +0200 |
---|---|---|
committer | Matěj Cepl <mcepl@redhat.com> | 2011-06-05 14:47:40 +0200 |
commit | 7b6eefcd506ec03e1db422ca6e1f4f1bb8420d1c (patch) | |
tree | 3a4b3480ea513c37f98782dd62193f4379ff48aa | |
parent | 55d9a312fbba91f1bcf5e3f3291b7bece8abb178 (diff) | |
download | bugzilla-triage-7b6eefcd506ec03e1db422ca6e1f4f1bb8420d1c.tar.gz |
Reorganization.
* fixingAttMIME, rhbzpage, xorgBugCategories moved to data/rhlib
directory,
* docs directory removed ... keep documentation in JSDocs; rewrite in MD
is a waste of time.
* move Ehsan’s scripts to separate data/tweaks directory.
-rw-r--r-- | data/rhlib/fixingAttMIME.js (renamed from data/lib/fixingAttMIME.js) | 0 | ||||
-rw-r--r-- | data/rhlib/rhbzpage.js (renamed from data/lib/rhbzpage.js) | 0 | ||||
-rw-r--r-- | data/rhlib/xorgBugCategories.js (renamed from data/lib/xorgBugCategories.js) | 0 | ||||
-rw-r--r-- | data/tweaks/addNewLinks.js (renamed from data/lib/addNewLinks.js) | 0 | ||||
-rw-r--r-- | data/tweaks/bug-page-mod.js (renamed from data/lib/bug-page-mod.js) | 0 | ||||
-rw-r--r-- | data/tweaks/cc-context.js (renamed from data/lib/cc-context.js) | 0 | ||||
-rw-r--r-- | data/tweaks/checkin-context.js (renamed from data/lib/checkin-context.js) | 0 | ||||
-rw-r--r-- | data/tweaks/preprocessDuplicates.js (renamed from data/lib/preprocessDuplicates.js) | 0 | ||||
-rw-r--r-- | data/tweaks/urltest.js (renamed from data/lib/urltest.js) | 0 | ||||
-rw-r--r-- | data/tweaks/viewSource.js (renamed from data/lib/viewSource.js) | 0 | ||||
-rw-r--r-- | docs/bzpage.md | 0 | ||||
-rw-r--r-- | docs/rhbzpage.md | 0 | ||||
-rw-r--r-- | docs/xhr.md | 82 | ||||
-rw-r--r-- | lib/main.js | 24 |
14 files changed, 12 insertions, 94 deletions
diff --git a/data/lib/fixingAttMIME.js b/data/rhlib/fixingAttMIME.js index 365cfae..365cfae 100644 --- a/data/lib/fixingAttMIME.js +++ b/data/rhlib/fixingAttMIME.js diff --git a/data/lib/rhbzpage.js b/data/rhlib/rhbzpage.js index 752e471..752e471 100644 --- a/data/lib/rhbzpage.js +++ b/data/rhlib/rhbzpage.js diff --git a/data/lib/xorgBugCategories.js b/data/rhlib/xorgBugCategories.js index 3357ed7..3357ed7 100644 --- a/data/lib/xorgBugCategories.js +++ b/data/rhlib/xorgBugCategories.js diff --git a/data/lib/addNewLinks.js b/data/tweaks/addNewLinks.js index b8e7bd2..b8e7bd2 100644 --- a/data/lib/addNewLinks.js +++ b/data/tweaks/addNewLinks.js diff --git a/data/lib/bug-page-mod.js b/data/tweaks/bug-page-mod.js index a7fb7e7..a7fb7e7 100644 --- a/data/lib/bug-page-mod.js +++ b/data/tweaks/bug-page-mod.js diff --git a/data/lib/cc-context.js b/data/tweaks/cc-context.js index 81b0a2d..81b0a2d 100644 --- a/data/lib/cc-context.js +++ b/data/tweaks/cc-context.js diff --git a/data/lib/checkin-context.js b/data/tweaks/checkin-context.js index 0ccec0c..0ccec0c 100644 --- a/data/lib/checkin-context.js +++ b/data/tweaks/checkin-context.js diff --git a/data/lib/preprocessDuplicates.js b/data/tweaks/preprocessDuplicates.js index d312fb9..d312fb9 100644 --- a/data/lib/preprocessDuplicates.js +++ b/data/tweaks/preprocessDuplicates.js diff --git a/data/lib/urltest.js b/data/tweaks/urltest.js index 609e77b..609e77b 100644 --- a/data/lib/urltest.js +++ b/data/tweaks/urltest.js diff --git a/data/lib/viewSource.js b/data/tweaks/viewSource.js index fd47cec..fd47cec 100644 --- a/data/lib/viewSource.js +++ b/data/tweaks/viewSource.js diff --git a/docs/bzpage.md b/docs/bzpage.md deleted file mode 100644 index e69de29..0000000 --- a/docs/bzpage.md +++ /dev/null diff --git a/docs/rhbzpage.md b/docs/rhbzpage.md deleted file mode 100644 index e69de29..0000000 --- a/docs/rhbzpage.md +++ /dev/null diff --git a/docs/xhr.md b/docs/xhr.md deleted file mode 100644 index ea21c80..0000000 --- a/docs/xhr.md +++ /dev/null @@ -1,82 +0,0 @@ -The `xhr` module provides access to `XMLHttpRequest` -functionality, also known as AJAX. - -## Exports ## - -<code>xhr.**XMLHttpRequest**()</code> - -Creates an `XMLHttpRequest`. This is a constructor, so its use -should always be preceded by the `new` operator. For more information, -see the MDC page on [Using XMLHttpRequest]. - -<code>xhr.**getRequestCount**()</code> - -Returns the number of `XMLHttpRequest` objects that are alive -(i.e., currently active or about to be). - -## Limitations ## - -The `XMLHttpRequest` object is currently fairly limited, and does not -yet implement the `addEventListener()` or `removeEventListener()` -methods. It also doesn't yet implement the `upload` property. - -Furthermore, the `XMLHttpRequest` object does not currently support -the `mozBackgroundRequest` property. All security UI, such as -username/password prompts, are automatically suppressed, so if -required authentication information isn't passed to the `open()` -method, the request will fail. - -## Resource Use ## - -Whenever this module is unloaded, all in-progress requests are immediately -aborted. - -## Security Concerns ## - -By default, the `XMLHttpRequest` object grants full access to any -protocol scheme, which means that it can be used to read from (but not -write to) the host system's entire filesystem. It also has unfettered -access to any local area networks, VPNs, and the internet. - -### Threat Model ### - -The `XMLHttpRequest` object can be used by an extension to "phone -home" and transmit potentially sensitive user data to third -parties. - -If access to the filesystem isn't prevented, it could easily be used -to access sensitive user data, though this may be inconsequential if -the client can't access the network. - -If access to local area networks isn't prevented, malicious Jetpack -code could access sensitive data. - -If transmission of cookies isn't prevented, malicious Jetpack code -could access sensitive data. - -Attenuating access based on a regular expression may be ineffective if -it's easy to write a regular expression that *looks* safe but contains -a special character or two that makes it far less secure than it seems -at first glance. - -### Possible Attenuations ### - -<span class="aside"> -We may also want to consider attenuating further based on domain name -and possibly even restricting the protocol to `https:` only, to reduce -risk. -</span> - -Before being exposed to unprivileged Jetpack code, this object needs -to be attenuated in such a way that, at the very least, it can't -access the user's filesystem. This can probably be done most securely -by white-listing the protocols that can be used in the URL passed to -the `open()` method, and limiting them to `http:`, `https:`, and -possibly a special scheme that can be used to access the Jetpack -extension's packaged, read-only resources. - -Finally, we need to also consider attenuating http/https requests such -that they're "sandboxed" and don't communicate potentially sensitive -cookie information. - - [Using XMLHttpRequest]: https://developer.mozilla.org/En/Using_XMLHttpRequest diff --git a/lib/main.js b/lib/main.js index f3e9458..c7fe2fd 100644 --- a/lib/main.js +++ b/lib/main.js @@ -29,7 +29,7 @@ function isOurPage(window, matchingURLs) { } /** - * + * */ function skipThisPage(doc) { var stemURL = "https://HOSTNAME/show_bug.cgi?id="; @@ -119,22 +119,22 @@ var messageHandler = exports.messageHandler = function messageHandler( }; var contentScriptLibraries = [ - self.data.url('lib/urltest.js'), + self.data.url('tweaks/urltest.js'), self.data.url("lib/util.js"), self.data.url("lib/jumpNextBug.js"), self.data.url("lib/queries.js"), self.data.url("lib/preprocessDuplicates.js"), - self.data.url("lib/viewSource.js"), + self.data.url("tweaks/viewSource.js"), self.data.url("lib/color.js"), - self.data.url("lib/addNewLinks.js"), + self.data.url("tweaks/addNewLinks.js"), self.data.url("lib/bugzillaDOMFunctions.js"), - self.data.url("lib/xorgBugCategories.js"), + self.data.url("rhlib/xorgBugCategories.js"), self.data.url("lib/otherButtons.js"), self.data.url("lib/makeBacktraceAttachment.js"), - self.data.url("lib/fixingAttMIME.js"), + self.data.url("rhlib/fixingAttMIME.js"), self.data.url("lib/logging-front.js"), - self.data.url('lib/bug-page-mod.js'), - self.data.url("lib/rhbzpage.js"), + self.data.url('tweaks/bug-page-mod.js'), + self.data.url("rhlib/rhbzpage.js"), self.data.url("lib/bzpage.js") ]; @@ -175,16 +175,16 @@ pageMod.PageMod({ contextMenu.Item({ label : "Toggle CC History", contentScriptFile : [ - self.data.url('lib/urltest.js'), - self.data.url('lib/cc-context.js') + self.data.url('tweaks/urltest.js'), + self.data.url('tweaks/cc-context.js') ] }); contextMenu.Item({ label : "Copy Check-in Comment", contentScriptFile : [ - self.data.url('lib/urltest.js'), - self.data.url('lib/checkin-context.js') + self.data.url('tweaks/urltest.js'), + self.data.url('tweaks/checkin-context.js') ], onMessage : function(comment) { require("clipboard").set(comment); |