Confirmed users
353
edits
Security/Reviews/Gaia/costcontrol: Difference between revisions
Security/Reviews/Gaia/costcontrol (view source)
Revision as of 17:31, 9 October 2013
, 9 October 2013→Security Risks & Mitigating Controls
| Line 118: | Line 118: | ||
=== Security Risks & Mitigating Controls === | === Security Risks & Mitigating Controls === | ||
* After speaking with developer regarding [https://wiki.mozilla.org/Security/Reviews/Gaia/costcontrol&section=20#Suspicious_but_OK suspected but ok] issues, specifically the dynamically creating <script> tags in view_manager.js, I've learned that in some instances developers depend on innerHTML quirks for "sanitization" purposes. | * After speaking with developer regarding [https://wiki.mozilla.org/Security/Reviews/Gaia/costcontrol&section=20#Suspicious_but_OK suspected but ok] issues, specifically the dynamically creating <script> tags in view_manager.js, I've learned that in some instances developers depend on innerHTML quirks for "sanitization" purposes. | ||