Apps/SecurityDetails: Difference between revisions

No edit summary
Line 145: Line 145:
Whenever a resource is loaded using the <code>app:</code> protocol, this will only allow loading resources from the zip file associated with the current app. I.e. if you specify an <code>identifier</code> for another app, it will behave exactly as if you specify an invalid identifier or an identifier for an app which isn't installed.
Whenever a resource is loaded using the <code>app:</code> protocol, this will only allow loading resources from the zip file associated with the current app. I.e. if you specify an <code>identifier</code> for another app, it will behave exactly as if you specify an invalid identifier or an identifier for an app which isn't installed.


''Open question'': We probably need to allow linking to an app:// page. However we could forbid putting an app:// page in an <iframe>. Other than by other app:// pages of course.
Relative links within <code>app:</code> works just like relative links within <code>http:</code>. Simply using a URL like &lt;img src="/images/picture.jpg"> will load the image named "images/picture.jpg" in the zip package. You can also use markup like &lt;a href="foo/bar.html"> to refer to a page relative the current page.
 
''Open question'': We probably need to allow linking to an app:// page. However we could forbid putting an app:// page in an &lt;iframe>. Other than by other app:// pages of course.


One important thing to note about this is that the app protocol doesn't have a concept of a domain. In other words, packaged apps aren't same-origin with any "normal" websites. This is because we don't know the home domain of the developers or the app. We only know which store was used to install the app.
One important thing to note about this is that the app protocol doesn't have a concept of a domain. In other words, packaged apps aren't same-origin with any "normal" websites. This is because we don't know the home domain of the developers or the app. We only know which store was used to install the app.
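Review bot: In the added paragraph on relative links, the two examples resolve differently but the text presents them as the same case. "/images/picture.jpg" begins with a slash, so it resolves against the root of the zip package, while "foo/bar.html" resolves against the path of the current page; say so explicitly, since the sentence "refer to a page relative the current page" only describes the second form. Wording: "works" should be "work", and "relative the current page" is missing "to". The markup samples would also be easier to read wrapped in <code> like the other inline code in this section. The open question is moved below the new paragraph with the iframe tag escaped as &lt;iframe>, which is the right fix for the wikitext, but the framing rule itself is still undecided; given that the next paragraph states packaged apps aren't same-origin with any "normal" websites, consider stating which behaviour applies until the question is resolved.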