Skip to content

Latest commit

 

History

History
155 lines (112 loc) · 4.23 KB

README.adoc

File metadata and controls

155 lines (112 loc) · 4.23 KB

HIDFox

Firefox WebHID API support through webextension native messaging.

Demo

Demo is outdated, the UI is much more polished now.

Security

Consider it dangerous and harmful for now. You can try to use it, still.

Current concerns:

Page has access to the Hid/HidDevice objects

Sensitive information here is protected by private fields (#name) and symbols.

Is this good enough? Maybe all of the sensitive objects should be passed as a closure? Anyway, even injected script should only access non-sensitive information.

For devices, ids hash is used, and this may be used for unique user identification (If user has allowed hid access to the page), but not for system information disclosure

Page may intercept/inject WindowMessageChannel data

Uh oh. Content script should block any AddForwarded calls from the injected script, and should not send any sensitive info (See the first concern).

User error

Some considerations are taken into account, there should be an ability to not remember device access, there is an delay before allowing device access button activates, to prevent misclicks.

In case of device not found - there is no immediate rejection, user should reject device access themselves, so the page may not identify user by querying accessible devices.

Performance

None. The protocol is awful for now, do not expect it to transfer large amounts of data quickly.

Every packet is serialized to json, and has at least 3 hops:

  • Injected → Content (No serialization/deserialization. Message object is passed between 2 isolates)

  • Content → Background (Quick serialization)

  • Background → Native (JSON serialization + JSON deserialization)

Every byte array is serialized as JSON array. At least base64 should be used.

Binary format is not possible, as background<→native communication may only use utf8. Maybe implement base127?

HID:

hid

Hid device:

hid device

Plans

TODO: Switch to popups, once https://bugzilla.mozilla.org/show_bug.cgi?id=1799344 lands

TODO: Use popups when available in case of about:config flag set

TODO: Settings

TODO: Security

TODO: Do not remember transient device ids

TODO: Ability to disable extension by default, whitelisting pages to have HID access.

TODO: Make it possible to support third-party extensions, I.e injection into metamask. Probably requires metamask extension support?

License

Not decided yet, code is not yet completed. For now consider this code source-available, and do not try to use it.