Posts Tagged ‘opensource’

Release 0.3!

November 23, 2011 Leave a comment

Whew! It’s been a while but my 0.3 has now been released! In this release, I’ve been working on Paladin/configurator subsystem. By now, it has become quite mature and achieves all required functionality. Also being used is IndexedDB as the load/store backend. Also important is that the codebase has now been brought up-to-date with the rest of the engine.


  • Added comments to all of the Configurator tests that didn’t have any. Improved some of the comments that were there before as well as improving some test structures slightly.
  • Removed Cookie.js from the engine. Cookies are no longer used as load/store backend, now replaced with IndexedDB.
  • Many functions had vague local variable names; their names have been improved.
  • load/store are now both asynchronous.
  • Added config/default.js for local configurations that need to be baked into the engine.
  • Configurator now uses gameID to load/save configurations.
  • Brought Configurator codebase up-to-date.

commit:ย a94ea288daabd84ea222a5a08da78ec4095479b3

issue thread:

pull request:

I also have some work to do for XSS Me but that has taken a back-seat to the work on Paladin. Currently, the plan is to dedicate most of 0.4 towards XSS Me. We’ll see how this all pans out.

Done and Done, Pt. 2

November 13, 2011 5 comments

Success! I’ve managed to alter the reported location of the cursor! Here’s what I did to get it to work:

The file that I had to modify was content/events/src/nsDOMMouseEvent.cpp, this is the implementation file of the DOM MouseEvent in firefox.
The updates were as follows:

// ... snip ... line 223

NS_METHOD nsDOMMouseEvent::GetScreenX(PRInt32* aScreenX)
  //*aScreenX = GetScreenPoint().x;
  *aScreenX = 17000;
  return NS_OK;

nsDOMMouseEvent::GetScreenY(PRInt32* aScreenY)
  //*aScreenY = GetScreenPoint().y;
  *aScreenY = 18000;
  return NS_OK;

NS_METHOD nsDOMMouseEvent::GetClientX(PRInt32* aClientX)
  //*aClientX = GetClientPoint().x;
  *aClientX = 7000;
  return NS_OK;

nsDOMMouseEvent::GetClientY(PRInt32* aClientY)
  //*aClientY = GetClientPoint().y;
  *aClientY = 8000;
  return NS_OK;

// ... /snip ...

As you can see, I forced the reported values for the cursor’s position to be 17000/18000 for the screenX/screenY members and 7000/8000 for the clientX/clientY members. This is a pretty naive way to do it but it proved to produce results. Check it out!

This is what happens now when a user attempts to right click anywhere in the page. As you can see, the context menu appears far off into the right bottom corner ( since the coordinates go off screen ).

Interestingly enough, the changes to the event class do not affect the native windows right click context menu ( can be triggered by right clicking in the same vertical space as the minimize/maximize/close buttons ), as can be seen here. Also not affected is text selection and clicking buttons/links and forms.

Also interesting is that no assertion errors are usually thrown. I have managed to provoke an assertion error however simply by middle clicking ( click the wheel of your mouse if you have a mouse wheel ) somewhere inside the page; the page being used should have sufficient text for the quick drag middle click popup to appear, for an example this page should work. Scroll around a bit if you don’t first succeed.

In conclusion, it seems that it is not immediately obvious how MouseEvent is used internally. On the one hand, the values reported through the event to the js engine are the only way for the js to figure out where the cursor is; so as far as the js is concerned, whatever we return here will be where the js believes the cursor to be. On the other hand, some internals seem to use the values returned from the getter functions of the mouse event object as well; this may make updating the values to our whims possibly difficult due to the sheer size of firefox’s internals and the fact that we don’t *exactly* know what will be affected by our meddling.

P.S. The MouseEvent class also defines some longs (screenX, screenY, clientX, clientY); from what I could tell, these are only updated during initialization:

// ... snip ... line 106

nsDOMMouseEvent::InitMouseEvent(const nsAString & aType, PRBool aCanBubble, PRBool aCancelable,
                                nsIDOMAbstractView *aView, PRInt32 aDetail, PRInt32 aScreenX, 
                                PRInt32 aScreenY, PRInt32 aClientX, PRInt32 aClientY, 
                                PRBool aCtrlKey, PRBool aAltKey, PRBool aShiftKey, 
                                PRBool aMetaKey, PRUint16 aButton, nsIDOMEventTarget *aRelatedTarget)
  nsresult rv = nsDOMUIEvent::InitUIEvent(aType, aCanBubble, aCancelable, aView, aDetail);

    case NS_MOUSE_EVENT:
    case NS_DRAG_EVENT:
       static_cast(mEvent)->relatedTarget = aRelatedTarget;
       static_cast(mEvent)->button = aButton;
       nsInputEvent* inputEvent = static_cast(mEvent);
       inputEvent->isControl = aCtrlKey;
       inputEvent->isAlt = aAltKey;
       inputEvent->isShift = aShiftKey;
       inputEvent->isMeta = aMetaKey;
       mClientPoint.x = aClientX;
       mClientPoint.y = aClientY;
       inputEvent->refPoint.x = aScreenX;
       inputEvent->refPoint.y = aScreenY;

       if (mEvent->eventStructType == NS_MOUSE_EVENT) {
         nsMouseEvent* mouseEvent = static_cast(mEvent);
         mouseEvent->clickCount = aDetail;

  return NS_OK;

// ... /snip ...

It may also be interesting to play around with these values; I have not touched these values for this update.

Configuration Registry 0.2

October 29, 2011 Leave a comment

I am now calling the 0.2 version of the configuration registry released! The configuration registry is now almost completely useable. In this revision, I’ve implemented loading/storing to local browser storage ( ie a cookie ); as well, clearing and JSON serialization were implemented in this revision. The new features are backed up by rigorous ( more or less ๐Ÿ™‚ ) unit tests.

The only thing left to implement is loading using xhr. Due to the lack of a good way to unit test xhr, I’ve been hesitant to start writing this feature in. Version 0.3 of this bug will include xhr loading.

Since only xhr loading is left, I plan to start working on other bugs/other projects for the 0.3 release.

I look forward to my code being reviewed. If you have the time, come over to the pull request thread and drop a word or two ๐Ÿ™‚

Pull request:
Issue thread:ย

Back in Action on Paladin, XSS Me for 0.3

October 26, 2011 Leave a comment

It’s Wednesday, October 26, 2011. I’ve been on something of a hiatus for a week or two as I’ve been mostly preoccupied with EJB605. It’s time to get back to work on OSD and not just because 0.2 is due tomorrow. Luckily, my particular project involves a steady linear progression towards completion at some point. I imagine that 0.2 will be the last release that I do for the Configurator Registry.

With that in mind, let me take a minute to point out how awesome it has been to work on Paladin. Coming from a background with a lot of interest in game development as well as a sizeable amount of work invested in other game engines over the past 2 or 3 semesters, I found Paladin to be very nicely written. The organization and enthusiasm of its volunteers and project leads is quite refreshing. This is why I will be going back to Paladin to help them out whenever I can in the near future. However, for my 0.3 release, I thought that I would like to change course a little bit.

XSS Me is an explicitly open-source FF add-on that tests sites for XSS vulnerabilities. It is a tool used and loved by many web devs around the world to test their sites for XSS flaws. For the uninitiated, an XSS flaw ( Cross-Site Scripting, shortened to XSS ) is a type of security flaw that allows an attacker to execute arbitrary Javascript on a website by submitting specially crafted user-data to that site. This can be something like a Facebook post or a user blog on a blogging site. This is very dangerous on websites like Facebook that thrive on user-submitted data. The results of a successful XSS attack can be devastating considering that the browser of each user viewing the attacker-submitted data will be executing whatever Javascript the attacker desires.

XSS Me partially mitigates this threat by doing the attacker’s work for you, thereby giving a webdev some indication as to whether their website is vulnerable to XSS attacks. I had the chance to work on XSS Me when I worked for Security Compass ( also see SecCom Labsย ) as a part of Seneca’s coop program. What makes XSS Me interesting is that it does its work fast, really fast. XSS Me will send many requests to a target website, encoding an XSS attack vector into each request; it will then analyze each response, scanning for evidence that the attack vector had caused the site to execute specific Javascript encoded in each attack vector. Since Javascript is single threaded, one would think that this process is quite slow once you factor in the hundreds of attack vectors that have to be sent to the site.

To achieve its speed however, XSS Me gets clever. Since XSS Me is an FF Add-on and not a web-page Javascript, it gets more privileges as it executes in the browser’s context. XSS Me leverages this power by opening up multiple tabs and executing Javascript code in each one. In this way, XSS Me fakes real threading into Javascript.

This mostly works. However, some nasty bugs have emerged from this construct that are difficult or impossible to diagnose; one heisen-bug in particular caused me much grief as I tried to squash it, failing time and time again despite numerous attempts. With the advent of HTML5 and web workers, I saw a chance to update the core threading component of XSS Me to utilize web workers. I find this to be an exciting opportunity because I like concurrency J

None of this is for certain as I still have to discuss this plan with Humph; should it pan out however, I think that it would be an exciting way to enter the world of HTML5 threading. As well, if anyone else is interested in working on XSS Me, there’s plenty of work to go around.

My First Pull Request

October 1, 2011 Leave a comment

Just now, I’ve submitted my first github pull request for the Mozilla/Paladin initiative and already I made some mistakes! The workflow to submitting a pull request is clearly outlined in their workflow page (which I read ages ago and forgot about entirely :P).

Luckily, things are mostly OK but I should have done some make tests before throwing my branch into the fray. I am currently performing those tests post-request submit…

Next time, hopefully the order of things will have improved ๐Ÿ™‚

Configuration Registry, Rel 0.1

September 29, 2011 Leave a comment

For the past little while, I’ve been working on a particular issue in Paladin’s issue tracking system. That issue proposes the creation of a configuration registry subsystem that will someday determine which Gladius subsystems execute and with which options.

At the moment, setting configuration options in Gladius is a bit of a mixed bag; this new subsystem should improve the state of things.

Tonight is my first milestone in the creation of this subsystem. I’ve written my ideas on how the subsystem will be designed and will operate, (—Configurator-Registry-Design )
and I’ve also written the bulk of the unit tests that will tell us when the subsystem is more or less ready for primetime ( ).

Guys, humph, take a look and tell me what you think. I’d very much like someone to tell me in which specific ways my tests are terrible, I think that I would appreciate that a lot ๐Ÿ™‚

I’ve always liked the TDD approach ( ) and hopefully the many scanning eyes of the internet can tell me where I can improve!

Cheers guys and good luck with all of your 0.1 releases!

Configuration Registry Proposal

September 27, 2011 Leave a comment

I took a break from writing/refining tests to write down my design ideas on the configuration registry. I’ve created a wiki page on my github gladius fork where my ideas have gone. If interested, please take a look and let me know what you think:

Wiki page:—Configurator-Registry-Design
Issue page with requirements (first post):

Also have a look at some tests ๐Ÿ™‚