----- Original Message ----- > From: "Adam Barth" <abarth-mozi...@adambarth.com> > To: "ptheriault" <ptheria...@mozilla.com> > Cc: dev-security@lists.mozilla.org, "Mozilla B2G mailing list" > <dev-...@lists.mozilla.org>, cjo...@mozilla.com > Sent: Tuesday, March 6, 2012 10:30:48 PM > Subject: Re: [b2g] B2G Threats/Controls > > I won't be able to make the call, but I've left one comment inline: > > On Tue, Mar 6, 2012 at 10:15 PM, ptheriault <ptheria...@mozilla.com> > wrote: > > Chris, > > > > - Vulnerable Web App > > - Web application security threats (XSS, SQLi, etc) > > ^^^ One way to address this threat is to require that B2G apps have a > Content-Security-Policy that meets some minimum bar. Chrome has > started doing this with its extensions and packaged apps (see > <http://blog.chromium.org/2012/02/more-secure-extensions-by-default.html>). > You might want to do something similar. >
Yes, definitely. Thanks for the link. Cheers, Chris _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security