Oren Blasberg
unread,Apr 9, 2015, 10:30:43 PM4/9/15Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Joel Weinberger, Ken Rockot, apps-dev, chromium...@chromium.org, Security Enamel, Benjamin Kalman
Hi Joel,
The new Settings packaged app would be bundled with Chrome, and the API would be explicitly whitelisted only to work with that app. However, it's looking like at least for the initial iteration of the new Settings, we will just be loading it in the browser UI and not as a packaged app due to some other technical bumps we hit along the way (I18n being one of them).
Has there been a security review of the new settings app yet?
As mentioned, we haven't been developing it as an "app" exactly; this is still WebUI in fact. The code is located under chrome/browser/resources/settings. See [1]. We weren't aware of a need for a security review done on the new settings other than this very security review, on the new extension API.. Is there such a need? Could you point us to what we need to do, if so?
Also, I'm unfamiliar with the current chrome.send() approach to getting settings preferences; is that how it's currently implemented? I thought that all of the preferences and settings pages were WebUI pages, and thus the preferences were type checked at compile time when the WebUI is built?
Yes, the existing settings pages are WebUI and use chrome.send. The new settings is also WebUI, but we prefer not to use chrome.send because it is fragile -- the C++ code relies on the presence of some javascript method(s) and/or variables existing in the global scope of the JS code in order to work. It also means that if we change one of those method names, it's easy to forget to update the other side, leading to hard-to-track regressions. Using the extension API gives us a nice explicit contract.
I'm not aware of any compile-time type checking on the preferences with the existing settings code. With this new API implementation we enumerate the prefs allowed to be touched by the UI calling into the API, along with their types. So the API code will enforce type correctness at runtime.
Thanks!
Oren