Security/Reviews/Gaia/homescreen: Difference between revisions

Line 40: Line 40:
</code>
</code>


The name or icon parameters are not sanitized at all, so there is a spoofing risk here.
The name or icon parameters are not sanitized at all, so there is a spoofing risk here; however, it appears that a user-supplied icon is wrapped in a white circle border, so it is clear that it's a bookmark and not an app.


* Issue: setting iconable to true and supplying an icon results in an app pinned with no icon, and it's not possible to remove these from the homescreen.
* I am currently seeing weird issues/crashing when supplying an icon via a data URI. Can't reproduce reliably though.
(still investigating this)


====Web Activity Usage ====
====Web Activity Usage ====