Line 99: | Line 99: | ||
* Requirement for HSTS for Apps granted permissions (Strict SSL even?) | * Requirement for HSTS for Apps granted permissions (Strict SSL even?) | ||
* User can audit permission usage of an app so s/he can uninstall the app if it seems to be doing something undesirable | * User can audit permission usage of an app so s/he can uninstall the app if it seems to be doing something undesirable | ||
* eval and script injection (appending text as a script node to the body of the page) need to be restricted operations | |||
** or executed in a different security context that is given highly-restricted permissions. | |||
=== UI Spoofing === | === UI Spoofing === |
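Review bot: The eval and script-injection bullet and its "or executed in a different security context" sub-bullet leave both "restricted operations" and "highly-restricted permissions" undefined, and they read as two alternatives without saying which one is the requirement. Suggest stating the default explicitly (blocked unless the app holds a specific permission, or always run in the separate context) and listing what that context may and may not access. Also suggest tying this item to the permission-audit bullet directly above it, so that any use of eval or script-node injection by an app shows up in the usage the user can audit.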