Living in a Go Faster, post-XUL world

Robert Kaiser kairo at
Thu Jul 16 20:15:22 UTC 2015

Gijs Kruitbosch schrieb:
> On 13 July 2015 at 14:13, David Rajchenbach-Teller <dteller-4eJtQOnFJqFBDgjK7y7TUQ at>
> wrote:
>> * Code the front-end with the add-ons API.
> If add-ons are sandboxed in some meaningful way, not all browser
> functionality will be writable with the add-ons API.

I don't think we can just sandbox all add-ons. I think we probably will 
need to end up with two kinds of add-ons: One that is sandboxed and has 
only access to a limited API but can go by with very limited review and 
signing, if any at all, and another kind that basically is what we have 
right now, not sandboxed, with full access to everything, but needing 
detailed reviews and string signing.
That said, I also think more than two or three kinds are too much and 
get complicated fast (see what we did with web apps on FxOS, the 
standard+fully-open / privileged+reviewed / certified+preinstalled-only 
groups are a pretty decent model but the latter should be something that 
can be eliminated).


More information about the firefox-dev mailing list