Confirmed users
353
edits
Security/Reviews/Gaia/DownloadManager: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/Gaia/DownloadManager (view source)
Revision as of 22:17, 16 January 2014
, 16 January 2014→Conclusion
| Line 73: | Line 73: | ||
== Conclusion == | == Conclusion == | ||
Attack surface is greatly reduced through the combination of using WebIDL, 'downloads' permissions is Certified, and the fact that Download Manager API uses the new Downloads.jsm. | Attack surface is greatly reduced through the combination of using WebIDL, 'downloads' permissions is Certified, and the fact that Download Manager API uses the new Downloads.jsm. | ||
=== Code Review Notes === | |||
==== XSS & HTML Injection Attacks ==== | |||
==== Secure Communications ==== | |||
There are no instances of sensitive communications over HTTP. Nor are there any leaks via XHR requests. | |||
==== Secure Data Storage ==== | |||
No issues relating to insecure data storage. | |||
==== Denial of Service ==== | |||
==== Use of Privileged APIs ==== | |||
==== Interfaces with other Apps/Content==== | |||
=== Future Work === | === Future Work === | ||