Created
December 13, 2013 15:16
| # HG changeset patch | |
| # User David Burns <dburns@mozilla.com> | |
| # Date 1386947708 0 | |
| # Fri Dec 13 15:15:08 2013 +0000 | |
| # Node ID a3357d2d2919b65fb903c5899112a9ac7a860cdf | |
| # Parent bb950710e5b434e2f561075c25b426e8df1d1e8c | |
| [mq]: security | |
| diff --git a/footer.html b/footer.html | |
| --- a/footer.html | |
| +++ b/footer.html | |
| @@ -8,17 +8,51 @@ | |
| <p>There is no requirement for local or remote implementations to be thread safe. Local ends SHOULD support serialized access from multiple threads.</p> | |
| </section> | |
| <section class='appendix'> | |
| <h2>Logging</h2> | |
| <p></p> | |
| </section> | |
| - | |
| + <section class='appendix'> | |
| + <h2>Security and Privacy</h2> | |
| + <p>The following section is non-normative.</p> | |
| + <section> | |
| + <h3>Privacy</h3> | |
| + <p>The local end should create a new profile when creating a new session. If a new profile | |
| + can be created it MUST NOT copy the default profile that is being used to | |
| + prevent any unexpected behaviour when the remote end is accessing content.</p> | |
| + </section> | |
| + <section> | |
| + <h3>Security</h3> | |
| + <p>When the remote end SHOULD have a specific command line argument and | |
| + SHOULD have user agent configuration preference that is tested when the | |
| + user agent starts up. | |
| + <p>When the local end creates a new session the remote end MUST limit | |
| + connections to <code>127.0.0.1</code> IPV4 address or <code>::1</code> | |
| + IPV6 address. This will prevent new sessions being created without having | |
| + a specific proxy installed on the remote end.</p> | |
| + <p>If any of these requirements fail then a | |
| + <code><a href="#status-session-not-created">session not created</a></code> | |
| + error MUST be thrown when the local end tries to create a new session. | |
| + </section> | |
| + <section> | |
| + <h3>Fingerprinting</h3> | |
| + <p>The following will allow web sites to know that the user interacting | |
| + with the content is not a real user. This can be used to prevent denial | |
| + of service attacks. | |
| + <p>When the user agent has started up it SHOULD add a read only property | |
| + to <code>window.navigator.webdriver</code>. The value should be set to | |
| + <code>true</code> when WebDriver is active. When WebDriver is not active | |
| + then the value is equal to <code>false</code>. | |
| + <p>When the content has loaded the user agent should add a data attribute | |
| + to the <code><body></code> element. | |
| + </section> | |
| + </section> | |
| <section class='appendix'> | |
| <h2>Mapping to HTTP and JSON</h2> | |
| <p></p> | |
| </section> | |
| <section class='appendix'> | |
| <h2>Acknowledgements</h2> | |
| <p> | |
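Review bot: The first paragraph under the Security heading ("When the remote end SHOULD have a specific command line argument and SHOULD have user agent configuration preference ...") is not a complete sentence and never names the argument or the preference, so the later "If any of these requirements fail" has nothing testable to refer to for that item. Suggest rewording it as a statement of what the remote end is started with and what the preference gates, and closing the paragraph tag. Separately, the section opens with "The following section is non-normative." but goes on to use MUST, MUST NOT and SHOULD; either drop the non-normative statement or lower-case the keywords. The loopback paragraph should also say whether the limit applies to the address the remote end listens on or to the peer address it accepts, since the two give different guarantees.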
| diff --git a/webdriver-spec.html b/webdriver-spec.html | |
| --- a/webdriver-spec.html | |
| +++ b/webdriver-spec.html | |
| @@ -2334,17 +2334,48 @@ assertEquals(style, recovered); | |
| <p>There is no requirement for local or remote implementations to be thread safe. Local ends SHOULD support serialized access from multiple threads.</p> | |
| </section> | |
| <section class='appendix'> | |
| <h2>Logging</h2> | |
| <p></p> | |
| </section> | |
| - | |
| + <section class='appendix'> | |
| + <h2>Security and Privacy</h2> | |
| + <p>The following section is non-normative.</p> | |
| + <section> | |
| + <h3>Privacy</h3> | |
| + <p>The local end should create a new profile when creating a new session. If a new profile | |
| + can be created it MUST NOT copy the default profile that is being used to | |
| + prevent any unexpected behaviour when the remote end is accessing content.</p> | |
| + </section> | |
| + <section> | |
| + <h3>Security</h3> | |
| + <p>When the remote end SHOULD have a specific command line argument and | |
| + SHOULD have user agent configuration preference that is tested when the | |
| + user agent starts up. | |
| + <p>When the local end creates a new session the remote end MUST limit | |
| + connections to <code>127.0.0.1</code> IPV4 address or <code>::1</code> | |
| + IPV6 address. This will prevent new sessions being created without having | |
| + a specific proxy installed on the remote end.</p> | |
| + <p>If any of these requirements fail then a | |
| + <code><a href="#status-session-not-created">session not created</a></code> | |
| + error MUST be thrown when the local end tries to create a new session. | |
| + </section> | |
| + <section> | |
| + <h3>Fingerprinting</h3> | |
| + <p>When the user agent has started up it SHOULD add a read only property | |
| + to <code>window.navigator.webdriver</code>. The value should be set to | |
| + <code>true</code> when WebDriver is active. When WebDriver is not active | |
| + then the value is equal to <code>false</code>. | |
| + <p>When the content has loaded the user agent should add a data attribute | |
| + to the <code><body></code> | |
| + </section> | |
| + </section> | |
| <section class='appendix'> | |
| <h2>Mapping to HTTP and JSON</h2> | |
| <p></p> | |
| </section> | |
| <section class='appendix'> | |
| <h2>Acknowledgements</h2> | |
| <p> |
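Review bot: The Fingerprinting subsection in this file has drifted from the copy added to footer.html: the introductory paragraph ("The following will allow web sites to know ...") is missing, and the last sentence stops after the body element reference without the word "element." Suggest making the two copies identical, or keeping the text in one file only. In both copies the data attribute added to the body is not named or given a value, so content has nothing defined to check; name it here alongside window.navigator.webdriver and state whether it is removed when WebDriver is not active.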