Hi, The work on Tails Verification (the replacement of DAVE) and the new download page is almost done and it's work fine. Still, I got quite scared reading about the security implications postMessage:
https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage Uzair wrote the code and u already reviewed it but I'd like to have someone else telling me that this is fine and that only the extension can send a "verification-success" message to the download page. The JavaScript in the download page: https://git-tails.immerda.ch/tails/tree/wiki/src/install/inc/js/dave_2.js The code of the Tails Verification extension: https://github.com/usman-subhani/verification-extension/blob/master/src/scripts/contentscript/verify.js _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
