Here's the first API up for discussion. This should be pretty straightforward so I hope to close out this discussion by end of day Thursday (PDT).
I'd like to keep this discussion on mozilla.dev.webapps, but I'll take responses on other lists over silence. :) Name of API: Screen Orientation Reference: bug 720794 bug 673922 Brief purpose of API: Get notification when screen orientation changes as well as lock the screen orientation Inherent threats: minor information leakage (device orientation), minor user inconvenience (lock device orientation) Threat severity: low per https://wiki.mozilla.org/Security_Severity_Ratings == Regular web content (unauthenticated) == Use cases for unauthenticated code: Prevent screen orientation from changing when playing a game utilizing device motion Authorization model for normal content: implicit for detecting orientation, explicit runtime for locking orientation Authorization model for installed content: implicit for both Potential mitigations: Orientation should remained locked only while focused. == Trusted (authenticated by publisher) == Use cases for authenticated code: Same as unauthenticated Authorization model: implicit Potential mitigations: Orientation should remained locked only while focused. == Certified (vouched for by trusted 3rd party) == Use cases for certified code: Same as above Authorization model: implicit Potential mitigations: none _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
