undefined | Better HN

0 pointsprobablyrobert5mo ago0 comments

DRM is not possible to support unfortunately: https://glide-browser.app/faq#why-can't-i-play-drm-content

Firefox Sync does work!

RPC is not currently supported but I agree it would be pretty interesting, tweety[0] was recently shared with me and that looks like it'd be quite nice, although I haven't tried it yet.

So far the only divergence from Firefox that could impact security is evaluating the config file, so I've described how that is sandboxed in the security[1] docs but I'm not super happy with the contents of that docs page; anything else you'd like to see mentioned?

[0]: https://github.com/pomdtr/tweety

[1]: https://glide-browser.app/security

0 comments

slightwinder5mo ago

I've seen in the docs that the config does not support imports and also uses a special function for including config from other files. Will it stay this way? And does also prevent code from loading&eval via network? Maybe flesh this out more explicitly in the security-doc. It's not quite obvious from being in-between the docs.

Also, what about 3rd-partys? Can other webextensions access glides functions? Or even worse, websites? I guess this is prevented by Firefox itself, but explaining this more explicitly might be also an enhancement for the security-doc.

probablyrobertOP5mo ago

I'm not entirely sure what is going to happen with imports to be honest. My current thinking is that they'll be supported eventually but that imported modules should not have access to glide APIs. For anything that does need to use glide APIs, I would support that through a separate API.

Yes eval is blocked, and extensions / websites cannot access glide APIs.

Thanks that is very helpful! Agree those things should be mentioned in the security doc.

j / k navigate · click thread line to collapse