On 17 February 2015 at 05:32, Anders Rundgren <[email protected] > wrote:
> <iframe trustedapp="com.example.PaymentRequest" ... ></iframe> > <iframe mozapp="app://myapp.com" ...></iframe> > This code should appear to the browser as coming from a virtual domain. > app://myapp.com Unfortunately it turns out that it isn't safe to embed trusted code inside untrusted code in this way because it provides a vector for clickjacking attacks.
_______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
