== Review comments ==
* What happens with the image URLs?
** sometimes we load and create the image
** sometimes we pass the URL
** probably best to restrict to http/https, definitely a whitelist of some sort
*** if data: is allowed create as <IMG>
* sites can send a different image with each request?
** lots of spoofing possibilities
* If there's no callback, clicking on notification does nothing.
* If there's a callback function it gets called.
** can call focus(), not sure that will actually raise the window
* What format are the messages? "text"?
** what's the risk that some platform will parse/render HTML?
** should we sanitize proactively just in case?
* brainstorm on how to tie site notifications back to the site you gave permission to
** domain (eTLD+1?) prefix on title?
** fixed icon (same as first call)
*** Android notifications always use the Fennec icon
** Fixed text pattern? (e.g. "Tweet from *")
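
Added example (not part of the original review notes, and not Mozilla code): a JavaScript sketch combining three ideas from the list above, namely an http/https allow-list for the icon URL, treating title and body as plain text, and tying the notification to the site through a title prefix and an icon fixed at first use. All function names and the per-origin map are hypothetical, and the hostname stands in for eTLD+1, which would need the Public Suffix List.

```javascript
// Added sketch: hypothetical helper names, not Firefox/Fennec code.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);
const firstIconByOrigin = new Map(); // origin -> first accepted icon URL

// Return a normalized icon URL, or null when it does not parse or its
// scheme is outside the allow-list (data: is rejected in this sketch).
function checkIconUrl(rawIcon, pageUrl) {
  if (!rawIcon) return null;
  let url;
  try {
    url = new URL(rawIcon, pageUrl); // resolve relative URLs against the page
  } catch (e) {
    return null;
  }
  return ALLOWED_ICON_SCHEMES.has(url.protocol) ? url.href : null;
}

// Proactive sanitizing "just in case" a platform renders markup:
// replace control characters and escape HTML metacharacters.
// A strictly plain-text renderer will show the entities literally.
function toPlainText(s) {
  return String(s ?? "")
    .replace(/[\u0000-\u001f\u007f]/g, " ")
    .replace(/[&<>"']/g, c => "&#" + c.charCodeAt(0) + ";");
}

// Build the object handed to the platform notification service.
function prepareNotification(pageUrl, { title, body, icon }) {
  const page = new URL(pageUrl);
  // Fixed icon: the first icon that passes the check is pinned for the
  // origin, so later calls cannot swap in a different image.
  if (!firstIconByOrigin.has(page.origin)) {
    const checked = checkIconUrl(icon, pageUrl);
    if (checked) firstIconByOrigin.set(page.origin, checked);
  }
  return {
    // Hostname prefix ties the notification to the requesting site.
    title: `${page.hostname}: ${toPlainText(title)}`,
    body: toPlainText(body),
    icon: firstIconByOrigin.get(page.origin) ?? null,
  };
}
```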