[w3c/manifest] Add guidance for user agents about how to prevent malicious localization strings (Issue #1150)

@mkruisselbrink brought this up today:

What about the scenario where an app looks non-malicious in the current language, but serves malicious fields / values in the localization members of the manifest? e.g. You install in spanish (system is spanish language), but you switch to the english language on your system after. What if the manifest specified, say, "Bank of America" on their english bits, change the icon to that, etc?

I'm not sure it's possible for a site to detect the system's current language setting... maybe it is, it would make sense it could... so then it could change itself?


I think we can use similar protections we have for manifest update, where any changes to security sensitive members would require a confirmation. And so we would likely need to NOT give the OS all the translations of these security sensitive members until that switch is detected, and then we need to show a dialog...

Anyways - I suspect we might want to put something in the spec to alert user agents to this type of attack.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/1150
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/manifest/issues/1150@github.com>

Received on Monday, 21 October 2024 19:40:56 UTC