Confirmed users
2,615
edits
User:Dmose:Protocol Handler Security Review: Difference between revisions
User:Dmose:Protocol Handler Security Review (view source)
Revision as of 17:09, 30 October 2007
, 30 October 2007→Security and Privacy
| Line 49: | Line 49: | ||
** application pref file (firefox.js or equivalent) missing | ** application pref file (firefox.js or equivalent) missing | ||
** user prefs.js missing | ** user prefs.js missing | ||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | ||
| Line 59: | Line 56: | ||
*** Phishy? (Encourages in-browser auth?) | *** Phishy? (Encourages in-browser auth?) | ||
*** The HTML5 spec has a [http://www.whatwg.org/specs/web-apps/current-work/#security3 list of possible security issues] that should be gone through | *** The HTML5 spec has a [http://www.whatwg.org/specs/web-apps/current-work/#security3 list of possible security issues] that should be gone through | ||
*** register{Content,Protocol}Handler need to use checkLoadURI | |||
*** Uses of web-handled URIs in contexts other than in href attribute of a element ({{bug|400886}}) | *** Uses of web-handled URIs in contexts other than in href attribute of a element ({{bug|400886}}) | ||
**** object | **** object | ||