TPE CONNECTIVITY GROUP/2015-05-05: Difference between revisions
Ethantseng (talk | contribs) (Update Ethan's weekly report) |
Ethantseng (talk | contribs) (Update Ethan's weekly report) |
Line 20: | Line 20: | ||
*#*# Cross-Origin Resource Sharing (CORS) | *#*# Cross-Origin Resource Sharing (CORS) | ||
*#*# Cross-document messaging: postMessage API | *#*# Cross-document messaging: postMessage API | ||
*# Study Cross-Site Scripting (XSS) attack | *# Study '''Cross-Site Scripting (XSS)''' attack | ||
*#* Reflected XSS | *#* Reflected XSS | ||
*#* Persistent (Stored) XSS | *#* Persistent (Stored) XSS | ||
*# Study Content Security Policy (CSP) | *# Study '''Content Security Policy (CSP)''' | ||
*#* CSP directive | *#* CSP directive | ||
*#* Script execution: script-src | *#* Script execution: script-src | ||
Line 37: | Line 37: | ||
*#** unsafe-inline | *#** unsafe-inline | ||
*#** unsafe-eval | *#** unsafe-eval | ||
*# Start to trace | *# Start to trace CSP implementation in Firefox | ||
*#* nsDocument::initCSP() | *#* nsDocument::initCSP() | ||
*#* nsCSPParser - which separates the CSP header into tokens and parses the CSP | *#* nsCSPParser - which separates the CSP header into tokens and parses the CSP | ||
*#* nsCSPUtils which holds the internal representation of the CSP | *#* nsCSPUtils which holds the internal representation of the CSP | ||
*#* nsCSPContext which is the interface through which CSP gets called | *#* nsCSPContext which is the interface through which CSP gets called | ||
*# Start to play with CSP mochitest | *# Start to play with CSP mochitest in Gecko | ||
*#* dom/base/test/csp/test_csp_path_matching.html | *#* dom/base/test/csp/test_csp_path_matching.html | ||
*# Attend meeting on 5/5: New security model update hosted by Jean Gong | |||
*# Coordinate Necko study group sessions | |||
* ''' Review & Feedbacks ''' | * ''' Review & Feedbacks ''' |
Revision as of 06:27, 5 May 2015
Discussion Topics
Dimi
- Done & Working in Progress
  - bug 1160671 - [Flame] Unable to turn on NFC. root cause found
  - bug 964697 - (emulator-NFC) B2G Emulator: NFC support in KK. working
  - Study service worker
- Review & Feedbacks
- Pending
  - bug 1136512 - [Lightsaber] Support NFC . checking if sony can support libnfc-nci github
  - bug 964697 - (emulator-NFC) B2G Emulator: NFC support in KK. on-going
Ethan
- Done & Working in Progress
  - Study JavaScript security
    - Review Same-Origin Policy (SOP) to clarify how SOP uses origin
    - Relaxing SOP
      - Document.domain
      - Cross-Origin Resource Sharing (CORS)
      - Cross-document messaging: postMessage API
  - Study Cross-Site Scripting (XSS) attack
    - Reflected XSS
    - Persistent (Stored) XSS
  - Study Content Security Policy (CSP)
    - CSP directive
    - Script execution: script-src
    - Plug-in content: object-src
    - Stylesheets and fonts: style-src and font-src
    - Passive multimedia: img-src and media-src
    - Subframes: frame-src
    - Default policy: default-src
    - CSP key words
      - none
      - self
      - data:
      - unsafe-inline
      - unsafe-eval
  - Start to trace CSP implementation in Firefox
    - nsDocument::initCSP()
    - nsCSPParser - which separates the CSP header into tokens and parses the CSP
    - nsCSPUtils which holds the internal representation of the CSP
    - nsCSPContext which is the interface through which CSP gets called
  - Start to play with CSP mochitest in Gecko
    - dom/base/test/csp/test_csp_path_matching.html
  - Attend meeting on 5/5: New security model update hosted by Jean Gong
  - Coordinate Necko study group sessions
- Review & Feedbacks
  - Help Jonathan on bug 1158661 - [FFOS2.0][Woodduck][HOMO]RSTP video in 720 H-264 Plays abnormal which can hear the audio only without the video shows
- Pending
Henry
- Done & Working in Progress
- Review & Feedbacks
- Pending
- Others
Jonathan
- Done & Working in Progress
- Review & Feedbacks
- Pending
- Others
Yoshi
- Done & Working in Progress
- Review & Feedbacks
- Pending
- Others