Google Git
Sign in
chromium / chromium / src / 0f2a39f8848944d762d9f48f2ae65b808c422114^! / . / docs / security / faq.md
commit0f2a39f8848944d762d9f48f2ae65b808c422114[log] [tgz]
authorCamille <[email protected]>Fri Nov 04 10:45:04 2022
committerChromium LUCI CQ <[email protected]>Fri Nov 04 10:45:04 2022
tree5c05568a2a65f953851f713c0a51bfccc10b2db7
parent23f86808eed2f60911e228fa310f8bd78123bf68 [diff] [blame]
[Documentation] Add Web Platform Security Guidelines

This CL adds documentation regarding a set of guidelines the Web
Platform Security team encourages Web Platform APIs to follow to
keep those APIs and the Web Platform secure.

Change-Id: I779ed48e272db76349d8b0371fee6c19b8e50720
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3695201
Reviewed-by: Chris Thompson <[email protected]>
Reviewed-by: Balazs Engedy <[email protected]>
Reviewed-by: Mike West <[email protected]>
Commit-Queue: Camille Lamy <[email protected]>
Reviewed-by: Adrian Taylor <[email protected]>
Reviewed-by: Rakina Zata Amni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1067467}

diff --git a/docs/security/faq.md b/docs/security/faq.md
index 2a8b0ac..fd14f04 100644
--- a/docs/security/faq.md
+++ b/docs/security/faq.md

@@ -465,6 +465,11 @@
 of user expectations, we will attempt to remedy these policies and we will apply
 the guidance laid out in this document to any newly added policies.
 
+See the [Web Platform Security
+guidelines](https://chromium.googlesource.com/chromium/src/+/master/docs/security/web-platfom-security-guidelines.md#enterprise-policies)
+for more information on how enterprise policies should interact with Web
+Platform APIs.
+
 <a name="TOC-Can-I-use-EMET-to-help-protect-Chrome-against-attack-on-Microsoft-Windows-"></a>
 ### Can I use EMET to help protect Chrome against attack on Microsoft Windows?
 
@@ -640,6 +645,10 @@
 securely, it cannot actually provide any guarantee. (After all, a MITM attacker
 could have modified the code, if it was not transported securely.)
 
+See the [Web Platform Security
+guidelines](https://chromium.googlesource.com/chromium/src/+/master/docs/security/web-platform-security-guidelines.md#encryption)
+for more information on security guidelines applicable to web platform APIs.
+
 <a name="TOC-Which-origins-are-secure-"></a>
 ### Which origins are "secure"?