New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ToDo: diffs FF102-FF103 #1518
Comments
some bugzilla tickets
|
The only thing that looks interesting to me besides |
FYI for Nightly users: @Thorin-Oakenpants anything left to look at for #1508? do you want to add the pdf prefs as enforced defaults? |
I just haven't gotten around to finishing off checking what those prefs do exactly, but my first instinct is we don't need to do anything with them I don't just move prefs to ignore willy nilly, I actually look up and deep dive a lot of them - I only move some without checking if it's obvious - like threadcounts I decided to take an extended break .. what's the hurry? Am happy not reading any bugzilla/moz stuff for a while |
no hurry, I was actually offering myself to do the deep dive if there is still something you want to know; I already read the pdf stuff for example. |
so I haven't looked at the last two, and I do not see any issues at face value based on my instincts
over to you guys to do some work .. I'm off to for some 🐟 and 🍟 |
from my understanding of the bugzilla key comments:
the pref was introduced to give a choice, so it's behavioral and there isn't a change in how the native reader works. PDFs like https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps_A_Threat_Analysis_of_Sideloading.pdf will for example still open in the built in reader without a download occurring; one would think that if it was safe before this release, it still is. if by isolation you mean the storage, then according to |
|
for me a pdf opened in a browser tab is not file:// .. https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf .. and has no I wasn't thinking of partitioning (and inline on the first party is not covered by partitioning on that first party) - what I meant by isolated was permissions - pdfjs has limited js ability (which we disable anyway) - I think it might be better explained in the moz hacks/blog/planet when they added pdf js. AFAIConcerned, an inline pdf is just a dumb element in the page |
What does "opening PDFs inline" mean? That instead of downloading them, they are opened in a new tab using that URL? |
Yes, if it has an |
FF103 is scheduled for release July 26th
FF103 release notes
FF103 for developers
FF103 security advisories
68 diffs ( 34 new, 19 gone, 15 different )
new in v103.0:
removed, renamed or hidden in v103.0:
6012
pref("security.pki.sha1_enforcement_level", 1); 1766687 - 0e2d566changed in v103.0:
7016
pref("network.cookie.cookieBehavior", 5); // prev: 4ignore
click me for details
==NEW
==REMOVED, RENAMED or HIDDEN
==CHANGED
The text was updated successfully, but these errors were encountered: