MozillaWiki

Security/Reviews/Gaia/InterAppCommunicationAPI: Difference between revisions

Page Discussion

Security/Reviews/Gaia/InterAppCommunicationAPI (view source)

Revision as of 20:59, 3 February 2014

12 bytes removed ,  3 February 2014
→‎2. Process Segregation
 
Line 130: Line 130:
* child-process-shutdown
* child-process-shutdown


There is no permission associated with Inter App Communications, so we do not have the assertPermission() check in the parent. However, the parent process does prevent a compromised child process from sending messages to the parent by verifying the manifestURL sent in the message matches the manifest URL of the publishing app.
There is no permission associated with Inter App Communications, so we do not have the assertPermission() check in the parent.
 
The parent process prevents a compromised child process from sending messages to the parent by verifying the manifestURL sent in the message matches the manifest URL of the publishing app.


==== 3. Data validation & Sanitization ====
==== 3. Data validation & Sanitization ====
Rfletcher
Confirmed users
353

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/914794"