No edit summary |
No edit summary |
||
Line 20: | Line 20: | ||
* Uses existing necko APIs - if the monitor should intercept other types, we'd need hooks to be available for other events, etc. | * Uses existing necko APIs - if the monitor should intercept other types, we'd need hooks to be available for other events, etc. | ||
** so far, websockets is most likely to happen soon. | ** so far, websockets is most likely to happen soon. | ||
|SecReview threat brainstorming=* Are the File objects persisted on disk? Also are these files different per-tab / private-browsing mode? | |SecReview threat brainstorming=* Are the File objects persisted on disk? Also are these files different per-tab / private-browsing mode? | ||
** no | ** no | ||
Line 38: | Line 37: | ||
** What about URLs changing to a JS url | ** What about URLs changing to a JS url | ||
** What about images being lots larger than they were originally? | ** What about images being lots larger than they were originally? | ||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
Line 57: | Line 55: | ||
<td>Joe / Honza </td> | <td>Joe / Honza </td> | ||
<td> </td> | <td> </td> | ||
<td><Look at restricting privileges of the iframe. CSP possible if navigation is not allowed, otherwise look at docshell tricks / iframe sandbox/td> | <td><Look at restricting privileges of the iframe. CSP possible if navigation is not allowed, otherwise look at docshell tricks / iframe sandbox</td> | ||
<td>before Aurora </td> | <td>before Aurora </td> | ||
<td>{{new|new}} </td> | <td>{{new|new}} </td> | ||
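Review bot: The corrected action-item cell still opens with a stray `<` before "Look" (`<td><Look at restricting privileges of the iframe. ...`). The edit repairs the closing tag from `/td>` to `</td>`, but the leftover `<` can still be read as the start of a tag and garble or hide the action text. Drop it so the cell begins `<td>Look at restricting privileges of the iframe.`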
Line 69: | Line 67: | ||
</tr> | </tr> | ||
</table> | </table> | ||
<bugzilla> | |||
{ | |||
"id":"757432,757434" | |||
} | |||
</bugzilla> | |||
}} | }} |
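Review bot: The `<bugzilla>` block with "id":"757432,757434" is removed just before the closing `}}` with no edit summary, and nothing visible in this diff replaces it, so the review page loses its reference to those two bugs while the action item above is still marked new. If the bugs are now tracked elsewhere on the page, state that in the edit summary; otherwise keep the block or cite the bug numbers in the action-items table.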