- From: Marcos Caceres <notifications@github.com>
- Date: Sun, 18 Jan 2015 23:26:52 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Message-ID: <w3c/manifest/issues/305/70454860@github.com>
(Can other people please check this ... I wrote these out in long form in case we want to integrate this at various points in the spec) ### deal with personally-identifiable information? No. Not more than for any other resource. ### deal with high-value data? This specification does not directly deal with high-value data. However, installed applications and their data could be seen as "high value". ### introduce new state for an origin that persists across browsing sessions? This specification introduces new state for an origin that persists across browsing sessions. The scope member can restrict navigation to a set of URLs (in as far as it represents the scope to which the manifest is applied) - forcing URLs outside the scope to be directed elsewhere (maybe even to another user agent). Additionally, scope member can be used to capture a set of URLs. ### expose cross-origin persistent state to the web? Maybe. Usure if the display-mode: media feature counts. ### expose any other data to an origin that it doesn’t currently have access to? No. ### enable new script execution mechanisms? No. However, it does allow reuse of existing mechanisms. ### allow an origin access to a user’s location? No. ### allow an origin access to sensors on a user’s device? No. ### allow an origin access to aspects of a user’s local computing environment? This specification allows an origin access to aspects of a user’s local computing environment: Through a CSS media query, a script can know the display mode that a web application is in. An attacker could, in such a case, create a repli of browser chrome ### allow an origin access to other devices? No. ### allow an origin some measure of control over a user agent’s native UI? This specification allows an origin some measure of control over a user agent’s native UI. In particular, the display mode can make the whole browser UI be hidden by putting the application into fullscreen. Furthermore, by neglecting to define an scope, it's possible to put an web application into a display mode that persists cros-origin. For example, user installs example.com - which neglects to include a scope, but puts the app into `fullscreen`. The user navigates from within the app from example.com to foo.com. It is left to the user agent to either stop applying the manifest when a cross-origin navigation occurs or to show some sort of security warning to the user. For instance, in Chrome Beta, the URL bar is displayed when a user goes from one domain to another. ### expose origin-controlled data to an origin? No. Not more than any other resource. ### expose temporary identifiers to the web? No. ### distinguish between behavior in first-party and third-party contexts? This specification distinguish between behavior in first-party and third-party contexts. In particular, if a `scope` member is declared in the manfiest, it is not possible to navigate the top-level browsing context to somewhere outside the scope while the manifest is being applied. ### have a "Security Considerations" and "Privacy Considerations" section? Yes. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/305#issuecomment-70454860
Received on Monday, 19 January 2015 07:27:21 UTC