BrettWilson (talk | contribs) (Added bug link) |
BrettWilson (talk | contribs) |
||
| Line 43: | Line 43: | ||
=== Security === | === Security === | ||
Initially, the annotation service will only be available to trusted chrome code. It will be able to read and write any annotation. | |||
If scripts on web pages are allowed to store data, they should only be able to see data that they themselves have written, and not user entered data or service entered data (favicons, etc.). Limiting access to pages on the same path allows some flexibility with different pages from the same service, and should provide minimal opportunity for data leakage. | If scripts on web pages are allowed to store data, they should only be able to see data that they themselves have written, and not user entered data or service entered data (favicons, etc.). Limiting access to pages on the same path allows some flexibility with different pages from the same service, and should provide minimal opportunity for data leakage. | ||
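Review bot: In the added paragraph under Security, "It will be able to read and write any annotation" has an ambiguous subject, since "It" could mean the annotation service or the trusted chrome code. Suggest naming the subject, for example "Trusted chrome code will be able to read and write any annotation." The added text also gives chrome code access to every annotation, while the following paragraph limits web page scripts to data they themselves have written. A short sentence linking the two would make clear that the restrictions in the second paragraph only come into play once access is extended beyond trusted chrome code.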