Ric Wright
I found this page: It includes a list of security bugs fixed, including: [$1000][[669086](https://www.bleepingcomputer.com/news/software/google-chrome-57-released-with-webassembly-support-36-security-fixes/)] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum But if I...
Andrew Gribben commented: I haven't looked at the codebase, but the issue rang a bell with me. Is this helpful? [Chrome contentSecurityPolicy](https://developer.chrome.com/extensions/contentSecurityPolicy) The way I read it, Readium would need...
I have now created two simple EPUB test-files, [Tiny-Bad-JS](https://github.com/readium/readium-test-files/tree/master/conformance/Tiny-JS-Bad) and [Tiny-Good-EPUB](https://github.com/readium/readium-test-files/tree/master/conformance/Tiny-JS-Good), following the guidelines in the CSP document Andrew referenced above. As expected, the "Bad" EPUB generated three exceptions, while...
@danielweck Hm. I see in the article referenced above: On the web, such a policy is defined via an HTTP header or meta element. Inside Chrome's extension system, neither is...
Useful info for this discussion, perhaps: [https://developer.chrome.com/webstore/apps_vs_extensions](https://developer.chrome.com/webstore/apps_vs_extensions)
But it's not clear to me that even if we reverted to a "pure" extension that it would solve our problem. Or is it that we could, as an extension,...
@attilavago Thanks! I would agree with the benefits you outline. This direction is, I am afraid, probably our only viable course. The problems include having to migrate hundreds of thousands...
Moving it out at least until 1.2
Aside from the conflicts noted above and in the related PR 211, is there more work to be done here?
Defer out of 0.22 because there is more testing and some minor modifications still needed.