----- Original Message ----- > From: "Adam Barth" <[email protected]> > To: "ptheriault" <[email protected]> > Cc: [email protected], "Mozilla B2G mailing list" > <[email protected]>, [email protected] > Sent: Tuesday, March 6, 2012 10:30:48 PM > Subject: Re: [b2g] B2G Threats/Controls > > I won't be able to make the call, but I've left one comment inline: > > On Tue, Mar 6, 2012 at 10:15 PM, ptheriault <[email protected]> > wrote: > > Chris, > > > > - Vulnerable Web App > > - Web application security threats (XSS, SQLi, etc) > > ^^^ One way to address this threat is to require that B2G apps have a > Content-Security-Policy that meets some minimum bar. Chrome has > started doing this with its extensions and packaged apps (see > <http://blog.chromium.org/2012/02/more-secure-extensions-by-default.html>). > You might want to do something similar. >
Yes, definitely. Thanks for the link. Cheers, Chris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
