cordova-dev mailing list archives

From Andrew Grieve <agri...@chromium.org>
Subject Re: [Android] SecureToken/NoFrak feature addition
Date Fri, 31 Jan 2014 19:22:07 GMT
cordova.js goes in your <head>. I don't see how an iframe could get loaded
before it.


On Fri, Jan 31, 2014 at 2:08 PM, Martin Georgiev <mgeorgiev@utexas.edu> wrote:

> On Fri, Jan 31, 2014 at 1:01 PM, Andrew Grieve <agrieve@chromium.org>
> wrote:
> > I don't think there's a chicken and egg problem:
> > State 0 - Native has no token, JS has no token
> > State 1 - JS in main frame includes cordova.js
> > State 2 - JS in main frame generates a token, and provides it to native
> > State 3 - Native, not already having a token, accepts it and saves it.
> >
> > Now both JS and native have the same token in memory without needing to
> go
> > through localstorage.
>
> I read the above as:
>
> State 0 - Native has no token, JS has no token
> State 1 - JS in iframe includes a modified cordova.js
> State 2 - JS in iframe generates a token, and provides it to native.
> State 2' - Due to frame confusion in some configurations the token is
> visible to anyone.
> State 3 - Native, not already having a token, accepts it and saves it.
>
> Now both JS (both originator and attacker, and pretty much anyone who
> wanted it) and native have the same token in memory without needing to
> go through localstorage.
>
