[Tails-dev] Security of postMessage between Tails Verificati…

Tämä viesti kuuluu seuraavaan säikeeseen:
M-\Näytä säikeen viestit aikajärjestyksessä
M\M 
MMu ->
Poista viesti

Vastaa
Lähettäjä: sajolida
Päiväys:  
Vastaanottaja: The Tails public development discussion list, Uzair Farooq
Aihe: [Tails-dev] Security of postMessage between Tails Verification and the download page
Hi,

The work on Tails Verification (the replacement of DAVE) and the new
download page is almost done and it's work fine. Still, I got quite
scared reading about the security implications postMessage:

https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

Uzair wrote the code and u already reviewed it but I'd like to have
someone else telling me that this is fine and that only the extension
can send a "verification-success" message to the download page.

The JavaScript in the download page:

https://git-tails.immerda.ch/tails/tree/wiki/src/install/inc/js/dave_2.js

The code of the Tails Verification extension:

https://github.com/usman-subhani/verification-extension/blob/master/src/scripts/contentscript/verify.js

Viesti on lähetetty seuraaville postituslistoille:
tails-dev
Tietoa listasta | Läheiset viestit		<-Re: [Tails-dev] Verification extension [was: HTML prototype for new download page]Re: [Tails-dev] VeraCrypt/TrueCrypt support in GNOME Disks->
lists.autistici.org ylläpitäjä postmasterLurker (versio 2.3)