Stuart Ballard wrote: >This model also potentially >*introduces* security holes. For example, currently a skin has to be >trusted, because it can provide XBL that binds into chrome:// documents >that are unrestricted. > That would indeed be a problem, because skins are assumed to be untrusted. E.g. the skin install dialog is different from the XPI dialog in that the former doesn't warn about risks.
- Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Ben Bucksch
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? Neil
- Re: Is the security model XBL uses wrong? Neil
- Re: Is the security model XBL uses wrong? Alex Fritze
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? David Hyatt
