Closed
Bug 1686677
Opened 4 years ago
Closed 4 years ago
Update the text on "Adding Glean to your project" page to include Glean.js
Categories
(Data Platform and Tools Graveyard :: Glean.js, task, P1)
Data Platform and Tools Graveyard
Glean.js
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: brizental, Assigned: Dexter)
References
Details
(Whiteboard: [telemetry:glean-js:m1])
Attachments
(1 file)
No description provided.
|
Reporter | |
Updated•4 years ago
|
See Also: → 1682785
Whiteboard: [telemetry:glean-js:m?] → [telemetry:glean-js:m1]
|
|
Reporter | |
Updated•4 years ago
|
Assignee: nobody → brizental
Priority: P4 → P1
|
|
Reporter | |
Comment 1•4 years ago
•
|
||
From Glean.js security review report:
The storage will, however, be isolated from code on websites and other web extensions. The biggest risk there would be if there was a privilege-escalation attack into the context of the web extension using Glean.js, allowing malicious scripts to call Glean APIs or use the browser.storage.local APIs directly. That would be a risk to Glean data, but not caused by Glean.js. Glean-using extensions should be careful not to relax the default Content-Security-Policy that generally prevents these attacks.
Let's include this information somewhere on this page.
|
|
Reporter | |
Updated•4 years ago
|
Assignee: brizental → nobody
|
|
Reporter | |
Updated•4 years ago
|
Priority: P1 → P4
|
Assignee | |
Updated•4 years ago
|
Assignee: nobody → alessio.placitelli
Priority: P4 → P1
|
||
Comment 3•4 years ago
|
||
|
|
Assignee | |
Updated•4 years ago
|
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
|
||
Updated•3 years ago
|
Product: Data Platform and Tools → Data Platform and Tools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•