canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Reviews/ReaderMode: Difference between revisions
Security/Reviews/ReaderMode (view source)
Revision as of 15:28, 27 September 2012
, 27 September 2012no edit summary
No edit summary |
No edit summary |
||
| Line 37: | Line 37: | ||
+ false, articleUri, this._contentElement); | + false, articleUri, this._contentElement); | ||
this disables scripts on the document via its script loader | this disables scripts on the document via its script loader | ||
|SecReview threat brainstorming=* script injection - the sanitizer attempts to stop this | |SecReview threat brainstorming=* script injection - the sanitizer attempts to stop this | ||
** could use CSP once we support CSP in <meta> ? | ** could use CSP once we support CSP in <meta> ? | ||
| Line 54: | Line 53: | ||
mgoodwin::perform more testing on accessing chrome stuff from the about:reader page::w/c24/09/2012 (no bug required for this) | mgoodwin::perform more testing on accessing chrome stuff from the about:reader page::w/c24/09/2012 (no bug required for this) | ||
lucasr::change parser filtering from blacklist style to whitelist style - include URL scheme whitelisting (http, https, FTP) (bug to be filed):: | lucasr::change parser filtering from blacklist style to whitelist style - include URL scheme whitelisting (http, https, FTP) (bug to be filed):: | ||
<bugzilla> | |||
{ | |||
"id":"794958" | |||
} | |||
<bugzilla> | |||
}} | }} | ||