Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Don't capture DOM strings in add-on #2931

Closed
johngruen opened this issue May 30, 2017 · 3 comments
Closed

Don't capture DOM strings in add-on #2931

johngruen opened this issue May 30, 2017 · 3 comments
Assignees
@jaredhirsch
Milestone
General Release 55

Comments

@johngruen
Copy link
Contributor

Since they may leak information in unintended ways, we should not pass the strings captured in screenshot extraction to non-owner views.
@johngruen johngruen added this to the Screenshots in 55 milestone May 30, 2017
@ekr
Copy link

ekr commented May 30, 2017

Per my comments in e-mail, I don't think we should be uploading them at all. The user just agreed to upload the rectangle.

@ianb
Copy link
Contributor

ianb commented May 30, 2017

Implementation note: to remove collection entirely we need to remove the call to util.captureEnclosedText() in shooter.js

@ghost ghost added the firefox-55 label May 31, 2017
@ianb ianb changed the title Don't pass snipped strings to non-owner views Don't capture DOM strings in add-on May 31, 2017
@jaredhirsch
Copy link
Member

I can take this. make it configurable via buildSettings

@jaredhirsch jaredhirsch self-assigned this May 31, 2017
@ianb ianb closed this as completed in d30ef08 May 31, 2017
ianb added a commit that referenced this issue May 31, 2017
@ianb
Merge pull request #2943 from mozilla-services/2931-disable-text-capture
4c7850a 
Fix #2931: disable DOM text capture by default
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jaredhirsch jaredhirsch

Labels
None yet
Projects
None yet
Milestone
General Release 55
Development

No branches or pull requests
4 participants
@ianb @jaredhirsch @ekr @johngruen