User:Cdolivei/EditorTools
Contents
Overview
As the addon community continues the grow, there is growing pressure on editors to review updates and new addons faster. Especially when approaching a major release, the influx of new addons and updates creates a backlog. This is both a source of frustration for the community, as a review may take weeks or months between releases.
The situation is currently like airport security. Everything from carry-ons to people to luggage is being meticulously checked. But unlikely airport security, we are lacking tools to make our contributions more effective. If you take away the metal detectors and the scanners, your forcing airport security to and manually check every bag, piece of luggage, and person.
Objective
Create tools integrated into the editor's panel of Remora that will check addon's for particular keywords. These keywords would make the editors job more effective by focusing energy on certain parts of the extension rather than as a whole.
Security considerations
Remote code retrieval
- Use XMLHttpRequest (most common method)
- Using low level C++ components that are scriptable. (???)
- <script> tag from XUL/HTML files
Execution
- msISubScriptLoader's loadSubScript() method
- eval()
- Components.utils.import()
- Components.utils.evalInSandbox()
- more
Other considerations
- Code practices. Such as enforcing an alt+modifier on keyboard shortcuts for Mac compatible addons (http://developer.mozilla.org/en/docs/XUL:Attribute:modifiers)
- More advanced tools can locate what names are being added to the global scope to prevent name-collisions.
- Trying to include remote js via the <script/> tag