Hi all, Speaking about the pieces of technology which are important, and for which it would be good to have a security review : the Service Worker is in First Public Working Draft, see http://www.w3.org/TR/2014/WD-service-workers-20140508/
Abstract : This specification describes a method that enables applications to take advantage of persistent background processing, including hooks to enable bootstrapping of web applications while offline. The core of this system is an event-driven Web Worker, which responds to events dispatched from documents and other sources. A system for managing installation, versions, and upgrades is provided. The Service Worker is a generic entry point for event-driven background processing in the Web Platform that is extensible by other specifications. You could also read the security considerations (http://www.w3.org/TR/2014/WD-service-workers-20140508/#security-considerations) and start thinking if they cover all the attacks, including offline ones... (yes, this is a call for volunteer to review the spec :) Regards, Virginie This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus
