Hey Richard. Thanks for making me aware of this security issue. Unfortunately, I don't know if the issue has been addressed or how it's being prioritized within the add-ons team. I added a comment referencing our thread (and how mobile add-on developers might get stuck without a proper replacement) but I don't have much more to add beyond that.
I think following up with the add-ons, or WebExtensions, team directly (I don't know how active webextensions-support@ is) would be your best bet at a more thorough response. - Mike (:mcomella) On Sat, Aug 5, 2017 at 2:45 AM, Richard Z <r...@linux-m68k.org> wrote: > Hi, > > > > Again, with little knowledge of the new APIs, here are some potential > > solutions: > > > > - The JS API `window` has a few existing methods to display a dialog: > alert > > <https://developer.mozilla.org/en-US/docs/Web/API/Window/alert> (dialog > > with OK button), confirm > > <https://developer.mozilla.org/en-US/docs/Web/API/Window/confirm> > (dialog > > with OK & cancel buttons), and prompt > > <https://developer.mozilla.org/en-US/docs/Web/API/Window/prompt> (dialog > > with OK & cancel buttons and an input field). You can run these in the > > context of the page. > > not flexible enough. So far I have a custom vertical menu with 5 entries > which could easily become more. > > > - Inject your own custom HTML prompt in the page the user is interacting > > with – you could model it after the JS prompts or existing Android > prompts. > > There are also open source libraries for this (some examples, which I > have > > not vetted myself: bootbox <http://bootboxjs.com/> and vex > > <http://github.hubspot.com/vex/docs/welcome/>). > > Isn't this a security disaster waiting to happen analogous to this: > https://bugzilla.mozilla.org/show_bug.cgi?id=1287590 > > Has this been somehow addressed? > > Richard > > -- > Name and OpenPGP keys available from pgp key servers > >
_______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev
