Security/Reviews/B2G/mozapp: Difference between revisions

Security/Reviews/B2G/mozapp (view source)

412 bytes added , 27 June 2013

no edit summary

Confirmed users

110

edits

@@ Line 1: / Line 1: @@
 {{SecReviewInfo
 |SecReview name=mozapp iframe
-|SecReview target=751026
+|SecReview target=https://bugzilla.mozilla.org/show_bug.cgi?id=751026
+See also
+https://bugzilla.mozilla.org/show_bug.cgi?id=750996
+https://bugzilla.mozilla.org/show_bug.cgi?id=750458
 }}
 {{SecReview
@@ Line 11: / Line 14: @@
 }}
 ===Technical details===
-<pre>
+<pre style="white-space:-moz-pre-wrap; white-space:-pre-wrap; white-space:-o-pre-wrap; white-space:pre-wrap; word-wrap:break-word;">
 A non-standard attribute was added to the iframe tag called
 mozapp [1] This attribute allows a webpage to specify a manifest URL, that was previously pre-installed on the device or installed through window.navigator.mozApps.install [2]. A valid manifest meets the requirements set forth at [3] and may grant an app more privileges than a normal webpage has.
@@ Line 32: / Line 35: @@
 </pre>
 ===What does a mozapp iframe do?===
-<pre>
+<pre style="white-space:-moz-pre-wrap; white-space:-pre-wrap; white-space:-o-pre-wrap; white-space:pre-wrap; word-wrap:break-word;">
 A mozapp iframe with a valid manifestURL and embeddor with proper permissions is granted the enhanced functionality of webapps. Permissions granted / denied are set when the app is installed. The biggest difference is the "origin" used when performing same origin checks. The gecko core was modified to use the concept of an extended origin defined as
 aExtendedOrigin = appId + "+" + { 't', 'f' } "+" + origin [1]