Security/B2G/Browser API: Difference between revisions
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 24: | Line 24: | ||
Will there be a separate cookie store for <iframe mozbrowser>, or will they be shared? | Will there be a separate cookie store for <iframe mozbrowser>, or will they be shared? | ||
===Threat Model=== | ===Threat Model=== | ||
Threat vectors: | |||
*Untrusted content escaping the <iframe mozbrowser> element | |||
**javascript references to items not inside the iframe | |||
**attacking local web apps through shared resources (are there any?) | |||
*Normal Browser Security controls weakened or not present | |||
** URL Bar behavior? (need to expose SSL information) | |||
*Frame related issues | |||
** Must handle frame-busting code correctly | |||
*Untrusted web page content not segregated sufficiently from Web Apps* Shared resources between untrusted content (i.e. page loaded in the mozbrowser) and the installed apps | |||
** Cookies? | |||
** Other Origin based resource access (local storage, Indexed DB) | |||
** Permissions (what prevents a page loaded at sms.gaiamobile.org from getting SMS permissions?) | |||
*Untrusted page might gain access to create an <iframe mozbrowser> | |||
*Access to the local device (this is probably a b2g wide question) | |||
* file:// etc | |||
* loopback address/network address? | |||
===Authorization Model=== | ===Authorization Model=== | ||
*Implicit: An app will need to granted the browser permission | *Implicit: An app will need to granted the browser permission | ||
===Implementation Requirements=== | ===Implementation Requirements=== | ||
*Many, TBD. | *Many, TBD. | ||
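Review bot: In the added Threat Model list, the line "*Untrusted web page content not segregated sufficiently from Web Apps* Shared resources between untrusted content ..." runs two bullets together on one line, so the second asterisk renders as literal text instead of starting a new item. Put "* Shared resources ..." on its own line so that "** Cookies?", "** Other Origin based resource access" and "** Permissions" nest under it. The last two entries, "* file:// etc" and "* loopback address/network address?", use a single asterisk and so render as top-level vectors; if they are meant as examples of "Access to the local device", they need "**".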
Revision as of 07:16, 3 May 2012
Project Info
| Browser API | |
| Project Page | ` |
| Next Milestone | ` |
| Security Resource | ` |
Security Information
| Status: | OK |
| Security Approved for Beta Launch?: | No |
| Data Flow Diagram: | ` |
| Threat Model: | ` |
| Bugs: | ` |
| Security Review: | ` |
| Final Security Approval: | no |
Background
Goals
- Provide support so that a Browser can be implemented as a Web App
- Implemented as a new type of iframe which provides limited cross-origin access so that a page embedding this iframe can act like a web browser.
- Being implemented with a minimal set of APIs to
Specification:
Bugs:
Pages: Source:
Data Flow Diagram
Answered Questions
Open Questions
Will there be a separate cookie store for <iframe mozbrowser>, or will they be shared?
Threat Model
Threat vectors:
- Untrusted content escaping the <iframe mozbrowser> element
  - JavaScript references to items not inside the iframe
  - attacking local web apps through shared resources (are there any?)
- Normal Browser Security controls weakened or not present
  - URL Bar behavior? (need to expose SSL information)
- Frame related issues
  - Must handle frame-busting code correctly
- Untrusted web page content not segregated sufficiently from Web Apps
- Shared resources between untrusted content (i.e. page loaded in the mozbrowser) and the installed apps
  - Cookies?
  - Other Origin based resource access (local storage, IndexedDB)
  - Permissions (what prevents a page loaded at sms.gaiamobile.org from getting SMS permissions?)
- Untrusted page might gain access to create an <iframe mozbrowser>
- Access to the local device (this is probably a b2g wide question)
- file:// etc
- loopback address/network address?
Authorization Model
- Implicit: An app will need to be granted the browser permission
Implementation Requirements
- Many, TBD.