These Weeks in Firefox: Issue 72

Highlights

• about:logins and passwords
  • Ask the user for their OS account password before showing the passwords in the password manager
    

    The about:logins page triggering an OS account password prompt

• • Show indicators on saved logins that are re-using those breached passwords

    • To enable it, you can set the following pref to `true` in about:config: “signon.management.page.vulnerable-passwords.enabled”

  • Use field labels and attributes to determine new-password field types (via Fathom) to bring password generation to as many websites as possible!

    • Thanks to bdanforth who is working on this project

    • Analyzing performance and accuracy telemetry to tune this before release.

    • Please file a bug if you see password generation offered when it shouldn’t be (e.g. a log in form).

• We’ve posted an update on our partnership with Scroll! North American users can sign-up now for a risk-free 48 hour trial period
• Instant evaluation in the console is now enabled (bug) and will be riding the trains to release!
  

  DevTools console displaying a preview evaluation of the object in the console

• Context menu for elements rendered in the Console panel has a new action called ”Reveal in Inspector”. It navigates the user to the Inspector panel and selects the clicked element (bug).
  

  Context menu in DevTools console displaying a “Reveal in Inspector (Q)” option

• Double-clicking on the Picture-in-Picture player window now puts it into fullscreen
• We landed Fast Shutdown Phase 2 in Nightly, and we are waiting for more Telemetry to saturate to give us a better sense of the impact out in the wild. If you’re seeing broken behaviour around shutdown/restarts, please file bugs!

Friends of the Firefox team

Resolved bugs (excluding employees)

Fixed more than one bug

• aarushivij

• Alex Henrie

• Jayati Shrivastava

• Jorge

• Marinella

• Meena Murthy

• Ratnabali Dutta

• Tim Nguyen :ntim

• Tom Schuster [:evilpie]

New contributors ( = first patch)

• aleja533 updated one of our tests to use the common TestUtils.waitForCondition function

• nightwarriorftw made the DevTools Console more robust when trying to autocomplete unusual property names

• Amina Kenessova updated one of our tests to use the common TestUtils.waitForCondition function

• basavaraj.bugzilla fixed a bug in the Network Monitor where some request parameters would sometimes have a missing “+” character

• Farooq AR made it so that double-clicking on the resize handle in the Network Monitor causes the table column to automatically fit to content

• squidney updated some of our browser window code to use a new lazy getter

• jcadler migrated our internal about:checkerboard and about:crashes pages from XHTML to HTML files.

• Jorge made it so that sub-entries in the Site Protections panel are listed as full origins rather than just domains, and also updated one of our tests to use the common TestUtils.waitForCondition function

• Kishlaya made it so that the Network Inspector’s WebSocket panel doesn’t try to format control frames

• Krystle Salazar updated one of our tests to use the common TestUtils.waitForCondition function

• Kriyszig fixed a bug where the Request Blocking feature for the Network Monitor would sometimes truncate the bottom of some characters on Windows 10

• Marinella added the LetsEncrypt CT logs to the certificate viewer, and also updated one of our tests to use the common TestUtils.waitForCondition function

• Adam Hammad fixed a visual glitch for one of the borders for the DevTools Console on macOS

• Manish Sahani fixed an issue where the HAR file generated by the Network Monitor was missing some fields

• Mariana Pícolo fixed an issue where sometimes an MDN info icon would be missing in the list of header entries for a request in the Network Monitor

• Maria Ortiz [ :marylicious ] fixed an issue where we were accidentally using a string instead of a boolean in our DevTools code

• mirefly made it so that the addons manager will list all sites that an add-on wants access to when viewing its permissions, and also updated one of our tests to use the common TestUtils.waitForCondition function

• Patricia Lee added a context menu item for the DevTools Console which lets users reveal a node in the Inspector

• Ratnabali Dutta fixed a bug where sometimes we would fail to show the permissions dialog for camera or microphone access, making it difficult to grant permissions to the site. Ratnabali also updated one of our tests to use the common TestUtils.waitForCondition function

• salniker, one of our MSU capstone students, ported our profile selection dialog to Fluent

• sankalp.sans made it so that we don’t accidentally insert needless newlines when copying CSS rules to the clipboard from the DevTools Inspector

• Meena Murthy got rid of the old infrastructure for managing the insecure password indicator (since it’s preffed on by default now), and also updated one of our tests to use the common TestUtils.waitForCondition function

• Shayna updated one of our tests to use the common TestUtils.waitForCondition function

• shwetaagra28 moves some images into a more appropriate directory, and also updated one of our tests to use the common TestUtils.waitForCondition function

• Sourab made it much easier to read the drag indicator when dragging from the identity icon over dark backgrounds

• Samarjeet added a limit to the number of characters in the DevTools Console output, with the ability to expand to the full size

• Theo Ottah made it so that shift-clicking within the back/forward buttons in a private browsing window opens a new private browsing window

• Obayagbona Uwagbae Alexander updated one of our tests to use the common TestUtils.waitForCondition function

Project Updates

Add-ons / Web Extensions

WebExtension APIs

• Fixed an issue with the identity.launchWebAuthFlow API, which was causing the oauth dialog to get stuck while detecting the redirect_uri (Bug 1616596, landed in 76 and uplifted to 75)

• Shane fixed a bug in the activityLog API which was preventing some API calls from being logged as expected (Bug 1621491), issue spotted also thanks for the increased interest for this API due to the related GSoC project proposal.

WebExtensions Framework

• Starting from Firefox 76 the content scripts js code will not be precompiled in the parent process anymore (where they are never going to be actually used), Bug 1622104. Thanks also to Tom Ritter for adding the telemetry probes that allowed us to spot this.

• As part of the Fission-related changes to the WebExtensions internals, In Bug 1316748 (+ follow up fix from Bug 1624124) Tomislav ported the extensions Port implementation (part of the extension messaging API) to the Fission-compatible internals.

Addon Manager & about:addons

• about:addons now allow a user to see the entire list of host permissions requested by an extension (Bug 1579734). Thanks to mirefly for contributing this change!
  • Before Bug 1579734 [Screenshot]
    • Addon permission prompt truncating site permissions list
  • After Bug 1579734 [Screenshot]
    • Addon permissions prompt showing full site list

Developer Tools

• WebSocket Inspector (part of the Network monitor panel) is now supporting ActionCable WebSocket messages (bug)
  

  WebSocket Action Cable inspector

• Instant evaluation (aka Eager Eval) is now enabled in all channels and rides the train (bug)

  

  DevTools console displaying a preview evaluation of the object in the console

• Switching JS Execution context automatically updates instant evaluation results (bug) Note that you need to have the Context selector enabled (pref: devtools.webconsole.input.context)
  

  JS execution context selection menu

• Double-click table resize handler resizes column to fit its content (bug) (contributed by Farooq)
  

  Resizeable columns in DevTools Network tab

• The Application panel is now showing the current state of a Service Worker (bug).
  

  Service Workers “Status” field in DevTools Application tab

• Context menu for elements rendered in the Console panel has a new action called ”Reveal in Inspector”. It navigates the user to the Inspector panel and selects the clicked element (bug).
  

  Context menu in DevTools console displaying a “Reveal in Inspector (Q)” option

Fission

• Neil finished porting Remote Controller so the edit menu commands now work in fission

• Alphan Chen made some significant progress on session restore by moving more work into the parent process.

• Remote Page Manager is going to be converted to use actors. The work there also simplifies the code which performs access checks so the work is done in a base class so mistakes can be minimized.

Lint

• Dave Townsend and Ed Lee have landed ESLint and Prettier support for the nullish coalescing operator and optional chaining.

  • This is accomplished by using babel as the parser for ESLint. If you see any strange problems, please let us know (file bugs and/or discuss in #lint on Matrix).

• We’ll probably need to wait until the next ESLint major version before we get globalThis support (tracking bug).

New Tab Page

• Finishing up moving pocket story recommendation provider work into promise worker. Patch is in review now.

Password Manager

• about:logins

  • Don’t re-authenticate the user to view saved passwords shortly after the previous prompt

• Login Capture Doorhanger

• (Re-)landed the dismissed doorhanger when a password field value is edited! Users should always have the chance to save a password from a form now!

Performance

• bigiri has been doing a lot of research in how to cleanly decouple ASRouter from Activity Stream, to make it simpler to move more computation into the privileged about content process

• dthayer landed Fast Shutdown Phase 2 in Nightly, and we’re waiting for more Telemetry to saturate to give us a better sense of the impact out in the wild

• emalysz made it so that the Edit Bookmarks panel is now lazily loaded

• emalysz also made it so that GMP initialization occurs after first paint

• Gijs figured out a nasty shutdown hang involving IndexedDB and RemoteSettings, and is working out some intermittents with it now

  • Fixing this will hopefully allow us to enable the blocklist during Talos tests, to make them more realistic

• Gijs is also working on making startupcache writes occur using the background thread pool

• Gijs tore out the old slow XML implementation of the blocklist! Yay!

• mconley has a patch up for review that reads a dynamically generated about:home document out of the HTTP cache at startup

  • mconley has a WIP patch for writing to that cache that will go up for review later this week

• mconley resolved some intermittents related to the privileged about content process

• mconley is continuing to analyze Avast’s impact on startup times

Picture-in-Picture

• The player window now has a solid black background

Search and Navigation

Search

• No problems have been reported with the new search engine configuration so far, we have landed a patch to load the configuration via remote settings. We are expecting to ship it in 77.

• Work has begun on reducing the amount of data in the search engine cache, and also some work investigating cache corruptions.

Address Bar

• Visual redesign (update 1)

  • QA verification ongoing

  • Fixed wrongly sized favicons

  • Fixed a problem with Search Tips being dismissed too early

  • Fixed a problem with Search Tips being shown with default browser prompt

  • Allow policies to turn off Interventions feature

• Make Address Bar modules more easily reusable by other projects

  • Various code cleanups, work continues

• Address Bar results composition improvements

  • Improved deduping of equivalent urls

User Journey

• Experiment with a new style of heartbeat surveys

• Ongoing work to better integrate Messaging System and Normandy

• Ongoing work for a new about:welcome onboarding

• Adding telemetry to record failures to read attribution data