177
edits
Changes
→Standard web security
== Scope ==
B2G still needs to display ordinary web pages and media. These should be treated no differently from how they are treated in a normal web browser. However, there is some debate as to whether such ordinary web pages should be allowed to an exceptionally limited subset of B2G's WebAPIs.
== Requirements ==
* A standard web page must not have access to any non-standard W3C HTML5 functions, of any kind. (''should they have access to some of the "safer" B2G WebAPIs?'')
* The security model for "standard web pages" in B2G must be no different from the standard security model for standard web pages in any normal web browser (including XSS).
* A standard web page '''MUST NOT''' be permitted to operate full-screen, in order to prevent phishing attacks.
== Proposals ==
TBD
= Other =
