Hey Axel,

the sentiment behind enforcing a strict Content Security Policy (CSP)
for packaged apps is to prevent cross-site scripting (XSS)
vulnerabilities from doing serious harm.

XSS is the most prevalent security issue in applications today. It is
hard to fix from a developer standpoint but easy to mitigate with the
browser's support (i.e., CSP).

Applications that want to have more permissions than a normal web site
should be protected with extra layers of security, so that this power
does not fall into the wrong hands.


There is a way to port your application to Firefox OS and honor CSP
at the same time.


> PS: when I move all the inline script into js-files it seems that the
> global variables defined in those scripts are not global and therefore
> not visible to other scripts…

They are surely global! Maybe you are facing a race condition?



Kind regards,
Frederik

P.S.: I wrote a comment in your bug. Let's keep the discussion
here or on IRC.
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
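
An added illustration, not part of Frederik's message or of any Mozilla code: a small Node.js audit that lists the constructs a policy without 'unsafe-inline' in script-src refuses to run, which is the work list when moving inline script into js files. The function name and the sample markup are constructed for this example, and the regex scan is a heuristic rather than an HTML parser.

```javascript
// Added example: heuristic audit for markup that a CSP without 'unsafe-inline'
// in script-src will not execute. Regex-based porting aid, not an HTML parser.
function findInlineScript(html) {
  const findings = [];
  const lineOf = (index) => html.slice(0, index).split("\n").length;
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;

  // 1. <script> elements with a body and no src attribute.
  for (const m of html.matchAll(scriptRe)) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim() !== "") {
      findings.push({ kind: "inline-script", line: lineOf(m.index) });
    }
  }

  // Blank script bodies (keeping offsets) so JS text is not scanned as markup.
  const markup = html.replace(scriptRe, (s, attrs, body) => {
    const start = "<script".length + attrs.length + 1;
    return s.slice(0, start) + body.replace(/[^\n]/g, " ") + s.slice(start + body.length);
  });

  for (const t of markup.matchAll(/<[a-z][^>]*>/gi)) {
    // 2. Event handler attributes such as onclick= or onload=.
    for (const a of t[0].matchAll(/\s(on[a-z]+)\s*=/gi)) {
      findings.push({ kind: "event-handler", attr: a[1].toLowerCase(),
                      line: lineOf(t.index + a.index + 1) });
    }
    // 3. javascript: URLs in href, src or action.
    if (/\b(?:href|src|action)\s*=\s*["']?\s*javascript:/i.test(t[0])) {
      findings.push({ kind: "javascript-url", line: lineOf(t.index) });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample page, not taken from the application discussed above.
const sample = [
  '<!DOCTYPE html>',
  '<html><head>',
  '<script src="js/app.js"></script>',
  '<script>var settings = { debug: true };</script>',
  '</head>',
  '<body onload="init()">',
  '<a href="javascript:void(0)" id="go">Go</a>',
  '<button id="ok">OK</button>',
  '</body></html>',
].join("\n");

console.log(findInlineScript(sample));
```

Each finding maps to one change: move the script body into a file loaded with `src`, replace the handler attribute with `addEventListener` in that file, and replace the `javascript:` URL with a listener on the element.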
