TPE CONNECTIVITY GROUP/2015-05-05: Difference between revisions
Jump to navigation
Jump to search
(→Dimi) |
Ethantseng (talk | contribs) (Update Ethan's weekly report) |
||
| Line 14: | Line 14: | ||
== Ethan == | == Ethan == | ||
* ''' Done & Working in Progress ''' | * ''' Done & Working in Progress ''' | ||
*# Study JavaScript security | |||
*#* Review '''Same-Origin Policy (SOP)''' to clarify how SOP uses '''origin''' | |||
*#* Relaxing SOP | |||
*#*# Document.domain | |||
*#*# Cross-Origin Resource Sharing (CORS) | |||
*#*# Cross-document messaging: postMessage API | |||
*# Study Cross-Site Scripting (XSS) attack | |||
*#* Reflected XSS | |||
*#* Persistent (Stored) XSS | |||
*# Study Content Security Policy (CSP) | |||
*#* CSP directive | |||
*#* Script execution: script-src | |||
*#** Plug-in content: object-src | |||
*#** Stylesheets and fonts: style-src and font-src | |||
*#** Passive multimedia: img-src and media-src | |||
*#** Subframes: frame-src | |||
*#** Default policy: default-src | |||
*#* CSP key words | |||
*#** none | |||
*#** self | |||
*#** data: | |||
*#** unsafe-inline | |||
*#** unsafe-eval | |||
*# Start to trace Firefox CSP implementation | |||
*#* nsDocument::initCSP() | |||
*#* nsCSPParser - which separates the CSP header into tokens and parses the CSP | |||
*#* nsCSPUtils which holds the internal representation of the CSP | |||
*#* nsCSPContext which is the interface through which CSP gets called | |||
*# Start to play with CSP mochitest | |||
*#* dom/base/test/csp/test_csp_path_matching.html | |||
* ''' Review & Feedbacks ''' | * ''' Review & Feedbacks ''' | ||
*# Help Jonathan on {{Bug|1158661}} - [FFOS2.0][Woodduck][HOMO]RSTP video in 720 H-264 Plays abnormal which can hear the audio only without the video shows | |||
* ''' Pending ''' | * ''' Pending ''' | ||
== Henry == | == Henry == | ||
Revision as of 06:24, 5 May 2015
Discussion Topics
Dimi
- Done & Working in Progress
- bug 1160671 - [Flame] Unable to turn on NFC. root cause found
- bug 964697 - (emulator-NFC) B2G Emulator: NFC support in KK. working
- Study service worker
- Review & Feedbacks
- Pending
- bug 1136512 - [Lightsaber] Support NFC . checking if sony can support libnfc-nci github
- bug 964697 - (emulator-NFC) B2G Emulator: NFC support in KK. on-going
Ethan
- Done & Working in Progress
- Study JavaScript security
- Review Same-Origin Policy (SOP) to clarify how SOP uses origin
- Relaxing SOP
- Document.domain
- Cross-Origin Resource Sharing (CORS)
- Cross-document messaging: postMessage API
- Study Cross-Site Scripting (XSS) attack
- Reflected XSS
- Persistent (Stored) XSS
- Study Content Security Policy (CSP)
- CSP directive
- Script execution: script-src
- Plug-in content: object-src
- Stylesheets and fonts: style-src and font-src
- Passive multimedia: img-src and media-src
- Subframes: frame-src
- Default policy: default-src
- CSP key words
- none
- self
- data:
- unsafe-inline
- unsafe-eval
- Start to trace Firefox CSP implementation
- nsDocument::initCSP()
- nsCSPParser - which separates the CSP header into tokens and parses the CSP
- nsCSPUtils which holds the internal representation of the CSP
- nsCSPContext which is the interface through which CSP gets called
- Start to play with CSP mochitest
- dom/base/test/csp/test_csp_path_matching.html
- Study JavaScript security
- Review & Feedbacks
- Help Jonathan on bug 1158661 - [FFOS2.0][Woodduck][HOMO]RSTP video in 720 H-264 Plays abnormal which can hear the audio only without the video shows
- Pending
Henry
- Done & Working in Progress
- Review & Feedbacks
- Pending
- Others
Jonathan
- Done & Working in Progress
- Review & Feedbacks
- Pending
- Others
Yoshi
- Done & Working in Progress
- Review & Feedbacks
- Pending
- Others