Prototype Apple Script support
Categories: (Core :: Widget: Cocoa, enhancement, P3)
People: (Reporter: bespoleznyak, Unassigned, NeedInfo)
References: (Blocks 1 open bug)
Details: (Whiteboard: [mac:integration])
Attachments: (2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
This is a bug for tracking work on adding AppleScript support.
Reporter
Comment 1•4 years ago
Updated•4 years ago
Reporter
Comment 2•4 years ago
Depends on D84922
Comment 3•4 years ago
Moving this over to a component, please move it over to the appropriate one if needed.
Comment 4•4 years ago
Dan, apologies for requesting need-info from you directly but I can't seem to find the sec-review flag anymore. Would you be able to set the flag on this bug, or answer the question below? Thank you.
I would like to get some input from the security team here to cover all of our bases. The purpose of this bug is to add the ability to script Firefox, for example to get the currently active URL in the browser. Is there a simple way of saying "yes, we can do this" or "no, there are several security reasons why we should avoid this"? If the answer is not that simple, should this go through a security review? If so, could you point me to the latest documentation on how to draw up a security review request? Thank you!
Some background on AppleScript: https://en.wikipedia.org/wiki/AppleScript
Comment 5•4 years ago
This one sounds concerning enough that we should do a review -- agreed. We'll want to know things like how this differs from WebDriver/marionette in capability, whether you've adopted any of the anti-abuse features they have, and what specific APIs/capabilities you'll be exposing to script. Please fill out the template linked to from our wiki page and mail it to our review list.
https://wiki.mozilla.org/Security/Reviews/
Comment 6•4 years ago
(In reply to Daniel Veditz [:dveditz] from comment #5)
> This one sounds concerning enough that we should do a review -- agreed. We'll want to know things like how this differs from WebDriver/marionette in capability, whether you've adopted any of the anti-abuse features they have, and what specific APIs/capabilities you'll be exposing to script. Please fill out the template linked to from our wiki page and mail it to our review list.
> https://wiki.mozilla.org/Security/Reviews/
Mikhail, do you want to take the lead on getting the security review started?
Reporter
Comment 7•4 years ago
Sure, I just contacted the Security Team. Let's see what they say
Reporter
Comment 8•4 years ago
Excuse me guys, I just received a delivery failure:
> We're writing to let you know that the group you tried to contact (secreview) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:
It looks like I'm not able to proceed
Reporter
Updated•4 years ago
Comment 9•4 years ago
Try it again. The group was apparently set up as internal only, but I've fixed that.
Reporter
Comment 10•4 years ago
Yep, looks better
Reporter
Comment 11•4 years ago
Hey guys, is there a chance to understand if my email was received at all? Three months and no signal...
Comment 12•4 years ago
@Mikhail thanks for your patience so far; I think a lot of the Mozilla folks haven't been following bugmail so closely over the holidays. I'll set a needinfo on :dveditz to help avoid this falling through the cracks...
Comment 13•4 years ago
> The purpose of this bug is to add the ability to script Firefox, for example to get the currently active URL in the browser. Is there a simple way of saying "yes, we can do this" or "no, there are several security reasons why we should avoid this"?
All Webkit and Chromium browsers support AppleScript. All of them together severely dwarf Firefox in user base, yet I do not recall hearing of breaches due to AppleScript support in browsers.
I strongly recommend following how Chrome does it and its AppleScript Dictionary, because that will give you a head-start in adoption.
> We'll want to know things like how this differs from WebDriver/marionette in capability
For one, it works without requiring additional software. As an avid automator (who shares) on macOS, I never include Firefox in my tools because I can’t (as it does not support AppleScript).
I have discussed this with Firefox representatives in the past and it was dismissed as a "power-user feature". What they always fail to understand is that power-users are the ones who create the tools non-power-users use.
When users of my tools tell me they will abandon Firefox because it cannot be supported by the tools they want, I never dissuade them. How could I, when that is a major reason I do not touch Firefox myself.
Updated•4 years ago
Comment 14•3 years ago
The bug assignee didn't login in Bugzilla in the last 7 months.
:spohl, could you have a look please?
For more information, please visit auto_nag documentation.
Reporter
Comment 15•3 years ago
Hello, I'm still here :)
I'm still waiting for someone to proceed with the security review and let me know if I go in the right direction.
Comment 16•3 years ago
:dveditz, would you be able to take a look at what might have happened to the security review request?
Updated•3 years ago