Re: [Ubuntu-phone] webapps and script injection

2015-04-14 Thread Alan Bell
On 13/04/15 16:40, David Barth wrote: Yep, definitely a good idea. Thanks Alan! We have a set of checks for this script injection kit, from its desktop beginnings. However, that should mostly flag common attack vectors. Checking the identity of the author / publisher of an app still is a ke

Re: [Ubuntu-phone] webapps and script injection

2015-04-13 Thread Ted Gould
On Tue, 2015-04-14 at 04:39 +1000, Mitchell Reese wrote: > Another question re security for webapps - url-dispatcher. Whilst I'm > loving using this, it's also clear how easy it is to create a webapp > that redirects traffic from other places, such as scopes. While I'm > making a point of listi

Re: [Ubuntu-phone] webapps and script injection

2015-04-13 Thread Alexandre Abreu
On Mon, Apr 13, 2015 at 2:50 PM, Marc Deslauriers < marc.deslauri...@canonical.com> wrote: > On 2015-04-10 06:15 PM, Alan Bell wrote: > > Hi all, > > > > there is a somewhat sparsely documented feature of webapps that allows > you to > > specify --webappModelSearchPath=. as a parameter of webapp-co

Re: [Ubuntu-phone] webapps and script injection

2015-04-13 Thread Marc Deslauriers
On 2015-04-10 06:15 PM, Alan Bell wrote: > Hi all, > > there is a somewhat sparsely documented feature of webapps that allows you to > specify --webappModelSearchPath=. as a parameter of webapp-container in the > .desktop file and have a file called webapp-properties.json in the project. > This >

Re: [Ubuntu-phone] webapps and script injection

2015-04-13 Thread Mitchell Reese
I'm not sure user descriptions will be much use - for developers and/or tech savvy people, certainly - but for everyone else? Simply look at the android store to see how happy people are to install apps that ask for dodgy permissions. For what it's worth, I think this should be fixed develope

Re: [Ubuntu-phone] webapps and script injection

2015-04-13 Thread Alexandre Abreu
Hi Alan, as David just said, we indeed have short term plans to move in that direction. At the moment, any webapp is "shielded" by 3 layers of security measures: - the scripts are not injected in the same js world as the webpage's (only share the DOM), - they are subject to the same CORS, etc.

Re: [Ubuntu-phone] webapps and script injection

2015-04-13 Thread David Barth
On Sat, Apr 11, 2015 at 12:15 AM, Alan Bell wrote: > Hi all, > > there is a somewhat sparsely documented feature of webapps that allows you > to specify --webappModelSearchPath=. as a parameter of webapp-container in > the .desktop file and have a file called webapp-properties.json in the > projec

[Ubuntu-phone] webapps and script injection

2015-04-10 Thread Alan Bell
Hi all, there is a somewhat sparsely documented feature of webapps that allows you to specify --webappModelSearchPath=. as a parameter of webapp-container in the .desktop file and have a file called webapp-properties.json in the project. This can specify a script to be loaded into the webapp,