cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Maj <>
Subject Re: sysapps runtime cfc passed
Date Mon, 18 Mar 2013 21:21:38 GMT
Highlights w.r.t. Cordova:

1. Application manifest JSON (yay!) [1]:

2. There is an Application interface now in charge of handling:
  - pause/resume/launch/terminate events
  - readonly parameters such as install time, origin, parameters, update
state (downloading, installing), package size
  - methods such as exit, hide, uninstall, update (interesting!)
    - related to update, the spec calls for the update firing
asynchronously, reporting back progress events to the app. metaaaa
3. App Management interface, which is deemed as a "privileged" API, to get
events about the (un)installation of other applications.

Interesting "security" conclusions [2]:

- scripts can only be loaded from inside the app package
- no inline scripts, no eval
- "Media (audio and video) can still be loaded from anywhere;" => this
should inform our media APIs once we get to the audit and finally
determine that the whitelist has no effect on media. This already applies
to images on the web.
- "Network connections can still be opened anywhere using data-centric
APIs like XMLHttpRequest or WebSocket." => implication here is that the
whitelist is, really, useless (which has been my opinion always :D )

Related, I will be attending the SysApps Face to Face in madrid [3] next
month. If anyone from the Cordova community has specific issues that they
would like to see addressed, let me know!


On 3/18/13 9:03 AM, "Giorgio Natili" <> wrote:

>It should be followed (I have had a quick look) but it depends what does
>it means from a development point of view.
>I mean that there is already a roadmap and that this draft should impact a
>lot, so is up to the contributors trying to explain us how much effort is
>On 3/18/13 8:02 AM, "Brian LeRoux" <> wrote:
>>Have a look:
>>What do we think?

View raw message