Sunday, 5 August 2012

Learning Security From Issues

Google is a big company that progressively improves the security of its products. During the progress of my project, Google changed the security settings of its Chrome browser extension several times, and the current version of the manifest file adds a "Content Security Policy", which is an additional layer over its previous design.

The "Content Security Policy" is actually a standard that is defined by w3c, and Google's implementation functions like a black and while list for different websites.

Due to the modification of the manifest file, I need to change my implementation a lot to conform to the standard. I need to remove all "eval()"s in my code and I need to remove the small fragment of code wrote in 2 html file. Apart from those changes, I also need to figure out how to more than one whitelist website, in the manifest file.

Now I am expecting another no-sleep night again.

No comments:

Post a Comment