[amelius]

Security implications?

Does this strip away a layer of security?

[mcpherrinm]

Firefox used to be built in a custom markup language called XUL, which had a number of security issues over the years as it got less attention than the HTML, etc used to render page contents.

So this should help Firefox be more secure, by decreasing attack surface.

[noja]

But XUL was simpler, wasn't it?

[pcwalton]

Maybe marginally so in isolation? But that isn't the metric that matters, since a browser has to render HTML. HTML + XUL is more complex than just HTML.

[floatboth]

The article talks about XBL (the binding part of XUL?):

> There are hard to debug complications with binding lifecycles in our UI, and very few people know how it works.

> It adds enormous complexity to our platform in the frame constructor, style system, and the DOM implementation.

[pfraze]

When you control the webview, you can establish fairly strong limits on where content and code can come from, same as with CSPs. Injection into the context really shouldn't be possible. You'd need to hit some kind of exploit such as an image-parsing buffer overflow, which any other frontend technology would be vulnerable to. Given that web tech gets a lot of attention to avoid those kinds of exploits, I think web platform UIs might be the safer call.

[BubRoss]

Why would there be security implications?

[capableweb]

There is always (most times) _some_ sort of security implications in most larger decisions we take when building software.

Especially when receiving generally untrusted input from the internet (websites, extensions, web-workers in this case) and you're suppose to display/use that somehow.

[BubRoss]

In this case specifically though, what security problems do you think there might be?