Confirmed users
717
edits
Apps/Security: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
|||
| Line 231: | Line 231: | ||
But just like for websites today, a webpage which contains an <iframe> pointing to a different origin can't reach into that iframe and modify or touch the objects there. And like with normal websites, permissions are separated by origin, meaning that just because a permission is granted to an app, doesn't mean that any <iframe>s that that app opens has access to the same permissions. | But just like for websites today, a webpage which contains an <iframe> pointing to a different origin can't reach into that iframe and modify or touch the objects there. And like with normal websites, permissions are separated by origin, meaning that just because a permission is granted to an app, doesn't mean that any <iframe>s that that app opens has access to the same permissions. | ||
=== Data management === | |||
appid/browserContent flag in B2G | |||
separate profiles on desktop/android | |||
=== Process sandboxes === | |||
==Application Lifecycle== | ==Application Lifecycle== | ||
| Line 344: | Line 351: | ||
There is no way for privileged apps to relax this policy. However we may in the future add the ability for packaged apps to define their own CSP policies, in which case that would allow apps to apply more restrictive policies. However such policies would be merged with the above policy which means that it still wouldn't allow the app to relax the policy. | There is no way for privileged apps to relax this policy. However we may in the future add the ability for packaged apps to define their own CSP policies, in which case that would allow apps to apply more restrictive policies. However such policies would be merged with the above policy which means that it still wouldn't allow the app to relax the policy. | ||
==Out of scope for 1.0== | ==Out of scope for 1.0== | ||