6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
1/9/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#2565] Firefox 3 bookmarks extension
*
Your Email Address
*
Spam protection
Enter the letters below:
. ..__.. ..___ __ |__|| ||__|[__ / ` | ||__|| || \__.
Comment
>>> It would. I had a reason for deciding against implementing JSON-RPC > >>> (pretty much the only RPC-over-JSON standard I saw.) > >>> (http://json-rpc.org/wiki/specification) Now I'm not sure why, but I > >>> think it may be that the newest version is still being written up in > >>> specification. I'll look at it some more. > >> > >> The spec looks good. > > > > Yeah, on second glance it's alright. I think I've finished > implementing the backend, but I haven't tested with a real JSON-RPC > client yet. I'll probably adapt an existing JSON-RPC library to use > Horde's AJAX/JSON stuff, and use that for my extension. > > > > As for security, I think the point is moot, now that the only way > anything useful can be retrieved is with a POST, and nobody should be > able to forge and read with POST, right? > > > >> > >>>> Regarding the AJAX and JSON stuff inside the XPI, I suggest that you > >>>> use prototype that we use anywhere else in Horde. The most recent > >>>> version has support for a CSRF protection built in. > >>>> Heck, we could even build the XPI on the fly including the source > >>>> files directly. Much easier than rebuilding the XPI anytime you > >>>> change something. I plan to do this for IMP since ages. > >>> > >>> This sounds like a good idea to look into. Where is the source? > >> > >> In my head. But it shouldn't be too hard. We have the Horde_Compress > >> library that we already use to create ZIP files on the fly. We should > >> probably put the XPI contents under trean/lib/XPI or > >> trean/templates/xpi with the same layout like in the XPI file, for > >> better maintainability. > > > > Well, actually, I don't have to re-compress for my own development > because there's a way to point Firefox at a directory and it works > just like an XPI had been installed there. But if I understand what > you're saying, it would be neat. The XPI could be downloaded from > the Horde server, which would allow us to throw in some subtle > features like making the XPI's default server URL be the server > you're downloading from. (Perhaps that would not be desirable, > though.) Is that what you meant?
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers