Closed
Bug 820271
Opened 13 years ago
Closed 13 years ago
Validate "Webapps:Uninstall" message parameters in the parent process
Categories
(Core :: DOM: Device Interfaces, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: pauljt, Unassigned)
References
Details
Webapps.js only allows an page to uninstall apps itself (app.origin is set to current origin). Being able to craft this message allows child to uninstall any application. Parent could check that origin being unstailled is origin of sender of message - but I guess this would break the home screen. So perhaps only allow uninstall for other origins if the sender has the webapps-manager permission.
| Reporter | ||
Comment 1•13 years ago
|
||
combining these.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•