- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Tue, 01 Oct 2013 17:01:18 -0700
- To: public-webappsec@w3.org
On 10/1/2013 3:03 PM, Glenn Adams wrote: > In creating a television user interface using the Open Web Platform, > these companies are often not exempted from requirements they > encounter when using other mediums for transmission. In the U.S. at > least, Emergency Alert Services are part of such requirements. If the alerts are part of the video stream they'd be pretty immune from tampering. >> I'd worry far more about malicious addons than compromised ones. The >> former is a reality, but CSP isn't going to help that problem. > > Well, if CSP enabled authors to declare that addons should not inject > script and the end user doesn't override that declaration, then we > believe CSP could help. What stops the malicious addon from simply suppressing such a prompt and injecting itself anyway? Once the user is infected with malware it's no longer their computer and the browser cannot make any guarantees. -Dan Veditz
Received on Wednesday, 2 October 2013 00:01:37 UTC