(Document the OriginAttributes solution) | Ethantseng (Fix a typo.)
Line 108: | Line 108: | ||
However signed packages will get their own cookies and IndexedDB data. Content inside a signed package will not share cookies, IndexedDB data, etc with unsigned content from the same domain. It will also not share data with content from other signed packages from the same domain. This is to ensure that unsigned content from the same domain can't read for example sensitive data that the signed content has cached in IndexedDB. And to prevent unsigned content from writing into the localStorage that signed content uses and thereby tricking the signed content into performing unintended actions. | However signed packages will get their own cookies and IndexedDB data. Content inside a signed package will not share cookies, IndexedDB data, etc with unsigned content from the same domain. It will also not share data with content from other signed packages from the same domain. This is to ensure that unsigned content from the same domain can't read for example sensitive data that the signed content has cached in IndexedDB. And to prevent unsigned content from writing into the localStorage that signed content uses and thereby tricking the signed content into performing unintended actions. | ||
However when pages from inside a signed package makes network requests to other websites, it should still use the normal cookies from those websites. And if a page from a signed package creates an <iframe> containing an | However when pages from inside a signed package makes network requests to other websites, it should still use the normal cookies from those websites. And if a page from a signed package creates an <iframe> containing an unsigned website, then that website will be loaded with its normal cookies and will have access to its normal IndexedDB data. | ||
In other words, each signed package acts like a separate website. They do not act like a separate "world"/"context". | In other words, each signed package acts like a separate website. They do not act like a separate "world"/"context". |
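Review bot: the sentence "However when pages from inside a signed package makes network requests to other websites" has a subject-verb disagreement; "pages ... makes" should read "pages ... make" in the new text as well as the old, and "cookies, IndexedDB data, etc with unsigned content" wants "etc.," before "with". The new right-hand column of the <iframe> sentence does complete the clause that was cut off at "containing an" in the old column, so that fix lands correctly. One documentation point for the same paragraph: the first sentence names only "cookies and IndexedDB data" as per-package storage, while the last sentence relies on "the localStorage that signed content uses" also being separated; suggest listing localStorage alongside cookies and IndexedDB in the first sentence so the reader does not have to infer that the isolation covers it.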