Confirmed users
971
edits
Security/Reviews/Gaia/Dialer: Difference between revisions
Security/Reviews/Gaia/Dialer (view source)
Revision as of 18:09, 25 February 2013
, 25 February 2013→System Messages
(→Dial) |
|||
| Line 94: | Line 94: | ||
{ "ussd-received": "/dialer/index.html#keyboard-view" } | { "ussd-received": "/dialer/index.html#keyboard-view" } | ||
] | ] | ||
==== Notifications ==== | |||
The app handles notifications at https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/dialer/js/dialer.js#L52 | |||
The only thing it does is bring up the dialer in the <code>#recents-view</code> tab. | |||
==== Post Messages ==== | |||
TODO Not sure what the official name for this is. I am referring to <code>window.postMessage()</code>. | |||
TODO The app does not check the origin of the post messages. Is that exploitable? Can another app send a message? Can content loaded from this app send a message? Like that Facebook thing? | |||
====Web Activity Usage ==== | ====Web Activity Usage ==== | ||