=== Security Risks & Mitigating Controls ===
====NEED TO INSPECT FURTHER====
* settings/js/sound.js:129 list.element.innerHTML = generateList(sounds, key);
** generateList appears to build HTML from unsanitized elements. Not sure if they are user controllable or not.
* "storage":{} - Utilize storage (appcache, pinned apps, IndexedDB) without size limitations. See appcache, IndexedDB
** There appear to be no calls to appcache or IndexedDB. This permissions may be extraneous.
* "desktop-notification":{} - Display a notification on the user's desktop
** No calls to createNotification() or creation of new Notification objects. This permission may be extraneous.
* "device-storage:pictures":{ "access": "readonly" } - Add, read, or modify picture files stored on the device.
** No calls to getDeviceStorage('pictures'). Appears this permissions is extraneous.
* "device-storage:music":{ "access": "readonly" } - Add, read, or modify music files stored on the device.
** No calls to getDeviceStorage('music'). Appears this permissions is extraneous.
* "device-storage:videos":{ "access": "readonly" } - Add, read, or modify video files stored on the device.
** No calls to getDeviceStorage('videos'). Appears this permissions is extraneous.
=== Actions & Recommendations ===
[[Category:SecReview]]
