Request for security review of W3C Manifest spec

The WebApps WG would like to request a security review of the "Manifest for web application" spec [1]. The spec is more or less feature complete and early implementations are starting in Gecko and Blink, so we hope it's the appropriate time to request this review. 

If possible, please file issues you find in GitHub [2] - otherwise, we can discuss here (but please make sure I am CC'd as I'm not subscribed to this list! Probably also applies to most people on the CC list). 

This specification defines a JSON-based manifest, which provides developers with a centralized place to put metadata associated with a web application. This includes, but is not limited to, the web application's name, links to icons, as well as the preferred URL to open when a user launches the web application. The manifest also allows developers to declare a default orientation for their web application, as well as providing the ability to set the display mode for the application (e.g., in fullscreen).

We look forward to your feedback. 


Marcos Caceres

Received on Monday, 26 May 2014 15:55:00 UTC