Re: [w3c/manifest] Define core web manifest to enable extensions (#471) from Marcos Cáceres on 2016-06-23 (public-webapps-github@w3.org from June 2016)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 23 Jun 2016 00:32:48 -0700
To: w3c/manifest <manifest@noreply.github.com>
Cc:
Message-ID: <w3c/manifest/issues/471/227972243@github.com>

@iherman, to your proposal: I would like to generalize some of the algorithms at some point... like "run the steps to process a string", "run the steps to process a space separated list" , etc. and you would get a lot of the security properties for free. It's what implementations do already, and would make the spec a lot smaller. Just haven't found time to do that. 

As a further step, at least in Gecko, we are thinking that once processing of a manifest has occurred, we send it into our WebIDL machinery to further sanitize the manifest. That might happen if we end up exposing the manifest's values to the Web via an JS API - which we currently don't do, but some people are requesting we should. 

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/471#issuecomment-227972243

Received on Thursday, 23 June 2016 07:33:25 UTC