- From: Christian Liebel <notifications@github.com>
- Date: Wed, 27 May 2020 13:57:35 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 27 May 2020 20:57:47 UTC
@christianliebel commented on this pull request. > @@ -532,6 +532,19 @@ <h3 id="navigation-scope-security-considerations"> security reasons. It ensures that users are always aware of which <a>origin</a> they are interacting with. </p> + <p> + Despite this, there is still a potential spoofing risk, if an + installed app pretends to navigate to an out-of-scope site on another + <a>origin</a>. The site shows a fake version of the user agent's + prominent out-of-scope UI, indicating to the user that it is on + another origin, while in reality, the user has never navigated away + from the installed app's origin, and the user agent is not showing + any out-of-scope UI. User agents MAY wish to ensure that the + out-of-scope UI is not shown in a location that can be spoofed by the Done! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/pull/748#discussion_r431437424
Received on Wednesday, 27 May 2020 20:57:47 UTC