On Fri, Mar 16, 2012 at 5:02 PM, Jim Straus <[email protected]> wrote:
> I would like to propose that we can get the equivalent of a packaged > web-app without actually packaging all the content. If the manifest > includes a list of components of the web app (the javascript, html, css, > possibly more if needed), and a signed hash for those pieces (either in > aggregate or individually), then we have the equivalent. Surely that only works if the HTML, CSS and JavaScript are completely static which is not very likely given that most web apps have a large server-side component. The content of an HTML page is likely to be different every time the user loads it. > The manifest can also specify chrome or not. What do you mean by "chrome or not"? Ben -- Ben Francis http://tola.me.uk _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
