Closed
Bug 724035
Opened 13 years ago
Closed 13 years ago
find a secure way to relax the restriction on webapp launch_path GET args
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: bwalker, Unassigned)
References
Details
at present, GET args in a launch_path are removed prior to being used to launch the App. We should explore whether it is possible to relax this restriction without introducing new security risks.
For example -- If we relax this restriction, an App developer could submit different manifests to different App stores that differ only by a GET arg; this would allow them to distinguish which App Store lead to a given installation.
Comment 1•13 years ago
|
||
I think it must be a bug that this is being removed; nothing we've ever discussed would preclude GET args.
Updated•13 years ago
|
Component: General → DOM: Mozilla Extensions
OS: Mac OS X → All
Product: Web Apps → Core
QA Contact: general → general
Hardware: x86 → All
Updated•13 years ago
|
Whiteboard: [mozappapi]
Updated•13 years ago
|
Whiteboard: [mozappapi]
Comment 2•13 years ago
|
||
Tested here, and I cannot reproduce any problem with a query string: http://app1.ianbicking.org/?manifest=manifest-get.webapp
Installation works, and app.launch() starts the app with the query string.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•12 years ago
|
Component: DOM: Mozilla Extensions → DOM
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•