Security/Reviews/Firefox4/mozGetAsFile Security Review: Difference between revisions

== Security and Privacy ==
* Is this feature a security feature?  If it is, what security issues is it intended to resolve? '''No'''
* What potential security issues in your feature have you already considered and addressed? '''Untrusted content is allowed to specify the file name, which means that privileged code cannot trust the file name of a File object unless it knows where it originated (in other words, a webpage could create a file with the name 'etc/passwd').  The only code that looks at the filename is sessionstore, which is only looking at file names that are trusted (files that originated in an <input> element).  The safe way to read a file is to use the FileReader object or the methods on the File object, which will do The Right Thing™.'''
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? '''No'''
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. '''Almost all of the code is shared with canvas.toDataUrl and the existing File object implementation.  The only potential issue that I'm aware of is the filename stuff discussed above.'''
* How are transitions in/out of Private Browsing mode handled? '''Not relevant'''
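
Added example (not part of the original review and not Mozilla's code): one way privileged code could treat a content-supplied File name as an untrusted label rather than a path, as the filename answer above describes. The function names and the <code>fromInputElement</code> provenance flag are assumptions made for illustration.

```javascript
// Added illustration: a File name set by web content is a label, never a path.
// leafNameFromUntrusted and nameForPrivilegedUse are hypothetical helper names.

const MAX_NAME_LENGTH = 255;

// Reduce an untrusted name to a single path component.
// Returns null when nothing usable remains, so the caller must supply its own name.
function leafNameFromUntrusted(name) {
  if (typeof name !== "string") return null;
  // Drop NUL and other control characters that can truncate or confuse path APIs.
  let cleaned = name.replace(/[\u0000-\u001f\u007f]/g, "");
  // Keep only the last component; both "/" and "\" count as separators.
  cleaned = cleaned.split(/[\\/]/).pop();
  // Replace characters that are reserved in Windows file names.
  cleaned = cleaned.replace(/[<>:"|?*]/g, "_");
  // Strip leading/trailing dots and whitespace ("..", hidden files, "name. ").
  cleaned = cleaned.replace(/^[.\s]+|[.\s]+$/g, "");
  if (cleaned === "") return null;
  return cleaned.slice(0, MAX_NAME_LENGTH);
}

// Choose the name privileged code may use for a file.
// `file` is a constructed stand-in: { name, fromInputElement }. The provenance
// flag must be recorded by privileged code itself, never read from content.
function nameForPrivilegedUse(file, fallback) {
  if (file.fromInputElement === true) return file.name; // trusted origin
  return leafNameFromUntrusted(file.name) || fallback;
}

// Constructed sample inputs, including the name used in the review answer.
const samples = ["etc/passwd", "../../etc/passwd", "..\\..\\boot.ini", "..", "canvas.png"];
for (const s of samples) {
  const safe = nameForPrivilegedUse({ name: s, fromInputElement: false }, "canvas-image");
  console.log(JSON.stringify(s), "->", JSON.stringify(safe));
}
```

The file contents are still read through FileReader or the File object's own methods; the name is only ever used for display or as a suggested leaf name.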


== Exported APIs ==