| Adrian Taylor | b8d6a2d | 2021-11-10 06:38:40 | [diff] [blame^] | 1 | # Security rules |
| 2 | |
| 3 | This is a list of the security policies Chromium has published. |
| 4 | |
| 5 | * [Rule of Two](rule-of-2.md) - don't handle untrustworthy data in the browser |
| 6 | process in an unsafe language |
| 7 | * [The browser process should not handle messages from web |
| 8 | content](handling-messages-from-web-content.md) |
| 9 | * [Behavior should be part of Chrome's binaries or delivered via component |
| 10 | updater](behavior-over-the-internet.md) rather than delivered dynamically |
| 11 | * Rules for [Android IPC](android-ipc.md) |
| 12 | * [Always assume a compromised renderer](compromised-renderers.md) |
| 13 | * [Use origin not URL for security decisions](origin-vs-url.md) |
| 14 | * [Controlling access to powerful web platform |
| 15 | features](permissions-for-powerful-web-platform-features.md) |
| 16 | |
| 17 | You can also find our position on various matters in the [security FAQ](faq.md): |
| 18 | for example, on local attackers or on the privilege accorded to enterprise |
| 19 | admins. |
