{"json_modified": "2016-03-28T08:26:16.060498", "uuid": "5ad7dcde-790c-42bb-a1a5-63a7bfd1ce87", "title": "Security guidelines", "url": "/en-US/docs/Web/Apps/Security_guidelines", "tags": ["Security", "Apps"], "translations": [], "modified": "2015-09-11T09:21:55", "label": "Security guidelines", "localization_tags": [], "locale": "en-US", "id": 65411, "last_edit": "2015-09-11T09:21:53", "summary": "All Firefox OS apps use <strong>standard web technologies</strong> like HTML, JavaScript, CSS and SVG, but <strong>sensitive app permissions are restricted to privileged apps</strong>, which are delivered in a <strong>signed archive</strong> through the Firefox Market, rather than being deployed dynamically by an arbitrary web server. The purpose is to <strong>allow these apps to be reviewed</strong> from a security and quality perspective, to ensure they can be trusted with increased permissions levels. This section is intended to guide developers in writing secure packaged apps.", "sections": [{"id": "Firefox_OS_Developer_Guide", "title": "Firefox OS Developer Guide"}, {"id": "HTMLJavaScriptCSS_injection_and_XSS", "title": "HTML/JavaScript/CSS injection and XSS"}, {"id": "Secure_communication", "title": "Secure communication"}, {"id": "Web_activities", "title": "Web activities"}, {"id": "Inter-app_communication", "title": "Inter-app communication"}, {"id": "Client-side_storage", "title": "Client-side storage"}, {"id": "Content_Security_Policy", "title": "Content Security Policy"}, {"id": "Permissions", "title": "Permissions"}, {"id": "API-specific_guidance", "title": "API-specific guidance"}, {"id": "Firefox_OS_Reviewer_Guide", "title": "Firefox OS Reviewer Guide"}, {"id": "HTMLJavaScriptCSS_injection_and_XSS_2", "title": "HTML/JavaScript/CSS injection and XSS"}, {"id": "JavaScript_execution_sinks", "title": "JavaScript execution sinks"}, {"id": "HTML_element_sinks", "title": "HTML element sinks"}, {"id": "Location_sinks", "title": "Location sinks"}, {"id": "CSS", "title": "CSS"}, {"id": "Web_Activities", "title": "Web Activities"}, {"id": "Client_Side_Storage", "title": "Client Side Storage"}, {"id": "Content_Security_Policy_2", "title": "Content Security Policy"}, {"id": "Secure_communication_2", "title": "Secure communication"}, {"id": "App_layer_Denial_of_Service", "title": "App layer Denial of Service"}, {"id": "Inter-app_communication_2", "title": "Inter-app communication"}, {"id": "Client-side_storage_2", "title": "Client-side storage"}, {"id": "Other_areas", "title": "Other areas"}, {"id": "Review_the_App_Manifest", "title": "Review the App Manifest"}, {"id": "Permissions_2", "title": "Permissions"}, {"id": "Permission-specific_recommendations", "title": "Permission-specific recommendations"}], "slug": "Web/Apps/Security_guidelines", "review_tags": []}