Ethantseng (talk | contribs) (Update Ethan's weekly report) |
Line 14:
== Ethan ==
* ''' Done & Working in Progress '''
*# Study JavaScript security
*#* Review '''Same-Origin Policy (SOP)''' to clarify how SOP uses '''origin'''
*#* Relaxing SOP
*#*# Document.domain
*#*# Cross-Origin Resource Sharing (CORS)
*#*# Cross-document messaging: postMessage API
*# Study Cross-Site Scripting (XSS) attack
*#* Reflected XSS
*#* Persistent (Stored) XSS
*# Study Content Security Policy (CSP)
*#* CSP directive
*#** Script execution: script-src
*#** Plug-in content: object-src
*#** Stylesheets and fonts: style-src and font-src
*#** Passive multimedia: img-src and media-src
*#** Subframes: frame-src
*#** Default policy: default-src
*#* CSP key words
*#** none
*#** self
*#** data:
*#** unsafe-inline
*#** unsafe-eval
*# Start to trace Firefox CSP implementation
*#* nsDocument::initCSP()
*#* nsCSPParser - which separates the CSP header into tokens and parses the CSP
*#* nsCSPUtils which holds the internal representation of the CSP
*#* nsCSPContext which is the interface through which CSP gets called
*# Start to play with CSP mochitest
*#* dom/base/test/csp/test_csp_path_matching.html
* ''' Review & Feedbacks '''
*# Help Jonathan on {{Bug|1158661}} - [FFOS2.0][Woodduck][HOMO]RSTP video in 720 H-264 Plays abnormal which can hear the audio only without the video shows
* ''' Pending '''
== Henry ==