On 13-09-06 11:02 AM, Alexandre Abreu wrote:
> 2. The webapp browsing experience would be strictly confined to a specific set
> of url patterns, and the functionality is already being merged in the
> webbrowser-app,

How are you planning on doing this? What happens when the facebook webapp wants to embed a video from youtube? What happens when the user wants to click a link that navigates out of the set of url patterns? What happens when someone clicks the "Like on facebook" link on a page in the normal web browser?

>
> 3. I was wondering if for those packages and given the specific nature of
> webapps and the associated security risks (spoofing, phishing etc), we would be
> able to bypass some sort of review process that would be a bit more restricted
> than the one (if any) for other apps. At the moment, the APP_ID specific profile
> would prevent any local data capture etc.

I'm not quite sure what that means. You want to bypass the regular review process, or you want it to be more restricted than the one for other apps?

Seems to me webapps are going to require more review than regular apps. Allowing anyone to upload a facebook webapp that contains javascript that can steal a user's credentials, either deliberately or inadvertently by breaking the browser's same-origin policy would be bad. How many people are going to upload different versions of the facebook webapp?

>
> Jamie did put up a wiki page to capture the current decision/state of the
> discussions,
>
> https://wiki.ubuntu.com/SecurityTeam/Specifications/WebAppsConfinement
>

I'll add some of my points to the wiki.

Marc.

