+public-webappsec
Looping in the Web Application Security WG, who might also be interested in
having a look.
-mike
--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
On Mon, May 26, 2014 at 5:54 PM, Marcos Caceres <w3c@marcosc.com> wrote:
> The WebApps WG would like to request a security review of the "Manifest
> for web application" spec [1]. The spec is more or less feature complete
> and early implementations are starting in Gecko and Blink, so we hope it's
> the appropriate time to request this review.
>
> If possible, please file issues you find in GitHub [2] - otherwise, we can
> discuss here (but please make sure I am CC'd as I'm not subscribed to this
> list! Probably also applies to most people on the CC list).
>
> Abstract:
> This specification defines a JSON-based manifest, which provides
> developers with a centralized place to put metadata associated with a web
> application. This includes, but is not limited to, the web application's
> name, links to icons, as well as the preferred URL to open when a user
> launches the web application. The manifest also allows developers to
> declare a default orientation for their web application, as well as
> providing the ability to set the display mode for the application (e.g., in
> fullscreen).
>
> We look forward to your feedback.
>
> [1] http://w3c.github.io/manifest/
> [2] https://github.com/w3c/manifest/issues
>
>
> --
> Marcos Caceres
>
>
>