Re: Request for security review of W3C Manifest spec


Looping in the Web Application Security WG, who might also be interested in
having a look.


Mike West <>
Google+:, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Mon, May 26, 2014 at 5:54 PM, Marcos Caceres <> wrote:

> The WebApps WG would like to request a security review of the "Manifest
> for web application" spec [1]. The spec is more or less feature complete
> and early implementations are starting in Gecko and Blink, so we hope it's
> the appropriate time to request this review.
> If possible, please file issues you find in GitHub [2] - otherwise, we can
> discuss here (but please make sure I am CC'd as I'm not subscribed to this
> list! Probably also applies to most people on the CC list).
> Abstract:
> This specification defines a JSON-based manifest, which provides
> developers with a centralized place to put metadata associated with a web
> application. This includes, but is not limited to, the web application's
> name, links to icons, as well as the preferred URL to open when a user
> launches the web application. The manifest also allows developers to
> declare a default orientation for their web application, as well as
> providing the ability to set the display mode for the application (e.g., in
> fullscreen).
> We look forward to your feedback.
> [1]
> [2]
> --
> Marcos Caceres

Received on Monday, 26 May 2014 17:48:36 UTC