| Adrian Taylor | b8d6a2d | 2021-11-10 06:38:40 | [diff] [blame] | 1 | # Security rules |
| 2 | |
| 3 | This is a list of the security policies Chromium has published. |
| 4 | |
| 5 | * [Rule of Two](rule-of-2.md) - don't handle untrustworthy data in the browser |
| 6 | process in an unsafe language |
| 7 | * [The browser process should not handle messages from web |
| 8 | content](handling-messages-from-web-content.md) |
| 9 | * [Behavior should be part of Chrome's binaries or delivered via component |
| 10 | updater](behavior-over-the-internet.md) rather than delivered dynamically |
| 11 | * Rules for [Android IPC](android-ipc.md) |
| 12 | * [Always assume a compromised renderer](compromised-renderers.md) |
| 13 | * [Use origin not URL for security decisions](origin-vs-url.md) |
| 14 | * [Controlling access to powerful web platform |
| 15 | features](permissions-for-powerful-web-platform-features.md) |
| Emily Stark | 890170f | 2022-12-01 03:16:31 | [diff] [blame] | 16 | * [Security considerations for browser UI](security-considerations-for-browser-ui.md) |
| Adrian Taylor | ddafac0 | 2023-05-10 16:53:52 | [diff] [blame] | 17 | * [Guidelines for URL display](url_display_guidelines/url_display_guidelines.md) |
| Charlie Reis | 28887a57 | 2023-10-06 23:15:54 | [diff] [blame] | 18 | * [Avoid adding cross-origin full-page overlays](overlay-policy.md) |
| Adrian Taylor | b8d6a2d | 2021-11-10 06:38:40 | [diff] [blame] | 19 | |
| 20 | You can also find our position on various matters in the [security FAQ](faq.md): |
| 21 | for example, on local attackers or on the privilege accorded to enterprise |
| 22 | admins. |
