Security/Reviews/Gaia/DownloadManager: Difference between revisions

Jump to navigation Jump to search

Security/Reviews/Gaia/DownloadManager (view source)

Revision as of 17:07, 30 January 2014

No change in size ,  30 January 2014
→‎XSS & HTML Injection Attacks
Line 110: Line 110:
Based on source code inspection, there are no dangerous coding practices (like misuse of innerHTML) that will result in HTML/JS injections.
Based on source code inspection, there are no dangerous coding practices (like misuse of innerHTML) that will result in HTML/JS injections.


Characters ',",>, and > were tested in filenames. We could not directly test > or < because the filesystem disallowed those characters in filenames, however we did use App Manager to break into the JS and insert those characters to see if places the filenames are rendered were safe.
Characters ',",>, and < were tested in filenames. We could not directly test > or < because the filesystem disallowed those characters in filenames, however we did use App Manager to break into the JS and insert those characters to see if places the filenames are rendered were safe.


==== Secure Communications ====
==== Secure Communications ====
Rfletcher
Confirmed users
353

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/911032"

Navigation menu