Hi,
The work on Tails Verification (the replacement of DAVE) and the new
download page is almost done and it's work fine. Still, I got quite
scared reading about the security implications postMessage:
https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
Uzair wrote the code and u already reviewed it but I'd like to have
someone else telling me that this is fine and that only the extension
can send a "verification-success" message to the download page.
The JavaScript in the download page:
https://git-tails.immerda.ch/tails/tree/wiki/src/install/inc/js/dave_2.js
The code of the Tails Verification extension:
https://github.com/usman-subhani/verification-extension/blob/master/src/scripts/contentscript/verify.js