Security/Reviews/Gaia/InterAppCommunicationAPI: Difference between revisions

Line 130: Line 130:
* child-process-shutdown
* child-process-shutdown


 
There is no permission associated with Inter App Communications, so we do not have the assertPermission() check in the parent. However, the parent process does attempt (see [https://bugzilla.mozilla.org/show_bug.cgi?id=967104 967104]) to prevent a compromised child process from sending messages to the parent by checking the manifest URL.
Permissions are checked in the parent before processing any messages, using the standard approach:
http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppCommService.js#814


==== 3. Data validation & Sanitization ====
==== 3. Data validation & Sanitization ====
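Review bot: in the paragraph citing bug 967104, "does attempt ... to prevent a compromised child process from sending messages to the parent by checking the manifest URL" leaves the check underspecified for a security review. Say what the manifest URL is compared against and what the parent does with a message that fails the check, and make clear whether this check stands in for the assertPermission() check that the same paragraph says is absent. The source link in the other paragraph points at line #814 of InterAppCommService.js in the live mozilla-central tree on mxr, so the anchor will drift as the file changes; link a fixed revision or name the function being referenced.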