On 05/08/21 17:18, Tom Ritter wrote:
Over in hardening land we have been making (slow, incremental) progress on some of these types of things
A) Gijs prevented docshells from loading remote pages in the parent process a while ago. The mechanism for landing that was simply test it, land it, fix a couple regressions.
B) Christoph and I were eventually able to disable eval() in the System Principal Context and Parent Process. This was a much slower rollout - we collected Event Telemetry on all channels, carved out exceptions as needed, and refactored a few instances. Then we slowly rolled it out in enforcement mode.
C & D) Freddy and I have been working on disabling loads of files by the System Principal and loads of javascript files in the parent that aren't chrome/resource:// respectively. This is slower work, and has been using Event Telemetry also.
Event Telemetry has worked well for these efforts; we deploy it in reporting mode, and roll out reporting mode incrementally on the channels, then roll out enforcement mode. We're able to collect some detailed information (on Windows, thanks to reused platform code) that safely redacts information we don't want to collect while providing as much context as we can. That code could be refactored if others wanted to use it.
However we're also reaching the point where we haven't been able to find the last odd occurrences. There was a proposal to add a new type of Telemetry Probe that would allow us to submit stacktraces without a crash (like BHR) but that hasn't gotten a lot of traction. I'm planning on experimenting with a 'crash the browser at most once per user' to collect a stack trace on the JS File Loads. I don't love that idea, but because Event Telemetry shows relatively few people being affected by what I'm trying to find it's a trade-off. That could _also_ be used by others, but if enough people really wanted it, it would be better to invest in making the non-crashing stacktrace-reporting ping.
It looks like this kind of need comes up regularly lately!
Maybe you're already familiar with these, but here's some recent effort from the DOM team in this area, https://bugzilla.mozilla.org/show_bug.cgi?id=1700915, with a summary of their findings at https://docs.google.com/document/d/1KPNr-NHa_1yQYO4WFgbpNLNR4ZXEYxNKDsjMe0KZrEU/edit.
And here's a relevant proposal about "Diagnostic Reports",
https://docs.google.com/document/d/1MNGRD0l6wpcM41aObScx--9gNq2X7FF4K9OH6arLoRc/edit.
- Marco.