Closed Bug 9602 Opened 25 years ago Closed 25 years ago

[feature] No modal confirmation dialog == huge security hole

Categories

(Core Graveyard :: Installer: XPInstall Engine, defect, P1)

Product:
Core Graveyard
Component:
Installer: XPInstall Engine
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: dveditz, Assigned: dveditz)

References

Details

Due to the lack of modal dialogs we have not yet implemented the "hey! we're about to install something. OK?" confirmation dialog. This is a HUGE HUGE HUGE security hole once XPInstall is working and available on the web.
We have modal dialog support, in JS (window.openDialog in a chrome window) and C++ (OpenDialog, needs work that danm is doing to allow varargs calls and avoid foisting jsapi.h usage on callers). With Necko, they might even work correctly on non-Windows platforms, because Linux and Mac and any others that aren't yet using nsIEventQueue and netlib in separate threads, will be doing the right thing. Anyway, using Windows openDialog, you should be able to get confirmation right now. /be
Status: NEW → ASSIGNED
And of course the sucky thing about window.openDialog is that you need a parent window to call it. XP_GetSomeWindow() anyone? I imagine there's a window buried in the ctxt that Necko appears to pass around (shades of MWContext). After we show the modal dialog and bring up our download progress window will the download be cancelled by a user closing the window or switching pages? We don't want that. I expect people will visit a site, start a long download for an install, and then want to keep browsing while it's downloading. Having the child window tied to the parent would suck in that case. If it's not tied then why do I need to supply one? (this is specifically a non-modal window I'm asking about now, because we've been told to use window.openDialog() for that too. I can see the value of having a parent for a modal dialog--though it doesn't help me get one when launched from C++ code).
If we were or ever will use native "parent window alwaysRaised modality", you would want to recover the correct parent window for such dialogs, or they won't stack and iconify correctly. I'm not sure what the deal is with our current XP modality, so I'm cc'ing hyatt and mcafee. Adding warren for necko help. /be
Severity: normal → critical
Target Milestone: M9
Priority: P3 → P1
Blocks: 11020
Summary: No modal confirmation dialog == huge security hole → [feature] No modal confirmation dialog == huge security hole
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Build 8/16/99 We have a confirmation dialog!
Bulk move of XPInstall (component to be deleted) bugs to Installer: XPInstall Engine
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.