Security/Reviews/Firefox6/ReviewNotes/Toolbarless

Preliminary Security Meeting 2011.06.08

Could the app-tab toolbar show up if you mouse into the tab area (something like the full-screen locationbar dropdown)?
If Camera/mic are active we could have a chromeless top-most window containing the indicators?

Shouldn't be tied to a particular tab because they're active globally.
Clicking on the floating window could bring the window/tab using them to the front. (This is different from the indicators of "permission granted" for various actions.)

when toolbar is hidden, url should show in tool-tip with title and other security indicators
- bsmith is concerned about "teaching users to be phished" if a toolbarless app tab redirects to facebook for login, and facebook asks for your facebook password.
makes it harder to add "persistent indicators" for microphone/camera
apptabs can navigate themselves and then have a different domain in an apptab
- this should un-apptabify
- if you click a link that is in another domain then a new tab opens that is not an apptab
  - this is a known issue the team has chosen to accept at this time
- can we restrict it so that only the apptab itself is allowed to navigate, and not other sites that somehow get access to its window object (e.g. through "opener")?
What is "origin" for an app-tab. Discussion about whether it's DOM origin (scheme/host/port) or eTLD+1. true FQDN:port lock would be safer.

[Brandon] Bug to be filed: navigation away from same origin should open in an new tab -- whether by user action (link click) as now or by script setting location or HTTP redirect.
- Brandon filed bug 662926 for this limi says that even site-initiated navigation away from the same origin should open in a new tab. This is a bug that needs to be filed since script can currently navigate the app tab.
[Lucas] file bugs for indicators for geolocation usage, webcam usage: bug 664359
Tool-tip change: bug 662923