(Final proposal, please reply to dev-weba...@lists.mozilla.org by COB
Jun 04)
Only change here was to change trusted apps from explicit to implicit,
acknowledging that trusted and certified apps will now have separate
profile based resources (cookie jars, localstorage, app-cache etc)
Name of
On Apr 26, 2012, at 8:21 AM, Justin Lebar wrote:
> (cc only dev-b2g, per Mounir's plea that we stop mass cross-posting.)
I realize Mounir doesn't like cross-posting because doesn't want to be on all
those lists, but I'm not sure why he thinks in turn everyone else should
subscribe to his list j
Sorry I didn't catch this earlier. The following discussion is still accurate,
though I will refine these descriptions and post them to the wiki by Friday:
https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/2dd02277ab8b41ba?pli=1
Lucas.
On Apr 17, 2012, at 4:09 AM, Ben F
> I don't understand these categories, could you explain them a bit further?
Lucas can correct me, but AIUI this is a model that Lucas has
developed for thinking about trust and apps. These categories may not
have concrete analogs in B2G.
There was previously a lot of talk about somehow requirin
On Mon, Apr 16, 2012 at 7:14 AM, Lucas Adamski wrote:
>
> == Regular web content (unauthenticated) ==
>
> == Trusted (authenticated by publisher) ==
>
> == Certified (vouched for by trusted 3rd party) ==
>
I don't understand these categories, could you explain them a bit further?
What is the di
> Potential mitigations: container should not be able to script into browser
> iframe
In general, you cannot mitigate risk from an untrusted browser.
An untrusted browser can arbitrarily phish you. You type in
"bank.com", the browser takes you to evil.com and displays "bank.com"
in its URL bar.
Please reply-to dev-weba...@lists.mozilla.org
Name of API: Browser API
Reference: https://wiki.mozilla.org/WebAPI/EmbeddedBrowserAPI
Brief purpose of API: Provide an iframe that acts as a web browser
General Use Cases: None
Inherent threats:
* browser can see all data from all websites, and per