Re: [w3c/manifest] Added security consideration advice for out-of-scope UI spoofing. (#748) from Kenneth Rohde Christiansen on 2020-05-27 (public-webapps-github@w3.org from May 2020)

From: Kenneth Rohde Christiansen <notifications@github.com>
Date: Wed, 27 May 2020 02:51:40 -0700
To: w3c/manifest <manifest@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/manifest/pull/748/review/419033975@github.com>

@kenchris commented on this pull request.



> @@ -532,6 +532,19 @@ <h3 id="navigation-scope-security-considerations">
           security reasons. It ensures that users are always aware of which
           <a>origin</a> they are interacting with.
         </p>
+        <p>
+          Despite this, there is still a potential spoofing risk, if an
+          installed app pretends to navigate to an out-of-scope site on another
+          <a>origin</a>. The site shows a fake version of the user agent's

Very long sentences, can it be split up to make it more readable?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/748#pullrequestreview-419033975

Received on Wednesday, 27 May 2020 09:51:53 UTC