+public-webappsec Looping in the Web Application Security WG, who might also be interested in having a look.
-mike -- Mike West <[email protected]> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Mon, May 26, 2014 at 5:54 PM, Marcos Caceres <[email protected]> wrote: > The WebApps WG would like to request a security review of the "Manifest > for web application" spec [1]. The spec is more or less feature complete > and early implementations are starting in Gecko and Blink, so we hope it's > the appropriate time to request this review. > > If possible, please file issues you find in GitHub [2] - otherwise, we can > discuss here (but please make sure I am CC'd as I'm not subscribed to this > list! Probably also applies to most people on the CC list). > > Abstract: > This specification defines a JSON-based manifest, which provides > developers with a centralized place to put metadata associated with a web > application. This includes, but is not limited to, the web application's > name, links to icons, as well as the preferred URL to open when a user > launches the web application. The manifest also allows developers to > declare a default orientation for their web application, as well as > providing the ability to set the display mode for the application (e.g., in > fullscreen). > > We look forward to your feedback. > > [1] http://w3c.github.io/manifest/ > [2] https://github.com/w3c/manifest/issues > > > -- > Marcos Caceres > > >
