On Fri, Mar 16, 2012 at 8:47 PM, lkcl luke <[email protected]> wrote: > 2012/3/16 Jonas Sicking <[email protected]>: > >>> * Parent frame belongs to an untrusted app with no privileges. It opens a >>> child frame with a trusted app in it. Let's say the child frame performs a >>> privileged action as soon as it is opened, using a permanently-granted >>> permission. The untrusted parent frame has now caused some action to occur >>> without the user realizing it. >> >> I don't think we should allow trusted apps to be framed. I.e. if an >> app opens a url which belongs to a trusted app in an iframe, that url >> should run with no special permissions at all. Prompt or no prompt. > > jonas: it's not clear as to whether ben is referring to chrome > frames, iframes or what kind of frames. i created a specific section > which requests some clarification so that these things can be > discussed unambiguously and non-laboriously.
aww nuts. sorry. cut the link in preparation to paste it and then didn't paste it. sorry. https://wiki.mozilla.org/Apps/Security#Concepts_to_be_given_Official_Definitions _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
