Confirmed users
353
edits
Security/Reviews/Gaia/InterAppCommunicationAPI: Difference between revisions
Security/Reviews/Gaia/InterAppCommunicationAPI (view source)
Revision as of 20:01, 24 January 2014
, 24 January 2014→Concerns
(→Gecko) |
|||
| Line 57: | Line 57: | ||
* http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppCommService.js#349 | * http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppCommService.js#349 | ||
** does checking for ‘security’ things. It uses 2 fields each time. ex. aSubAppManifestURL and aPubAppManifestURL. Can i set one of those on my app and ‘bypass’ these tests | ** does checking for ‘security’ things. It uses 2 fields each time. ex. aSubAppManifestURL and aPubAppManifestURL. Can i set one of those on my app and ‘bypass’ these tests | ||
* So this uses postMessage, is there any opportunity for other apps just listening for 'message' will be able to intercept sensitivei comms? | |||
=== manifest === | === manifest === | ||
* The installOrigins field inside manifest file limits communications origins. This needs to be tested | * The installOrigins field inside manifest file limits communications origins. This needs to be tested | ||
** also, them seem to just be a domain name, are we not doing port, domain, protocol along with app id? | ** also, them seem to just be a domain name, are we not doing port, domain, protocol along with app id? | ||