Security/Reviews/Gaia/DownloadManager: Difference between revisions

Line 77: Line 77:


==== XSS & HTML Injection Attacks ====
==== XSS & HTML Injection Attacks ====
User controlled values are pretty much limited to filename. The filename is displayed in the notifications pull-down as well as the Settings Downloads list.
[https://bugzilla.mozilla.org/show_bug.cgi?id=960749 960749] prevented us from being able to completely check for HTML injections. (See Future Work below)
Based on source code inspection, there are no dangerous coding practices (like misuse of innerHTML) that will result in HTML/JS injections.


==== Secure Communications ====
==== Secure Communications ====
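Review bot: the added paragraph under "XSS & HTML Injection Attacks" rests its conclusion on source inspection alone ("there are no dangerous coding practices (like misuse of innerHTML)"), but it does not say which files or which revision were inspected. Since bug 960749 blocked the dynamic HTML injection check, name the inspected components for both places the filename is displayed (the notifications pull-down and the Settings Downloads list) and state plainly that the finding is unverified by testing until the Future Work item is done. "Pretty much limited to filename" would also read better as an explicit list of the user-controlled values that were considered.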