Re: [ServiceWorker] Should window.caches be removed (or readonly) for security reasons? (#698)

Reopening as @sirdarckcat pointed out the following attack:

1. Attacker can execute scripts due to XSS
2. Attacker pollutes caches
3. Attacker polls caches, polluting any that are added

This (potentially) means the attacker defends against any "fixes" the site owner attempts to ship.

Although this is possible with idb and localstorage, it's much more likely with caches.

We need to offer some way out of this, which may include:
* Allow a serviceworker to pause execution of scripts on pages (ugh)
* Allow a serviceworker to navigate pages (#681) to somewhere safe, another origin even, then it can clean its caches

+@slightlyoff 

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/698#issuecomment-106110055

Received on Wednesday, 27 May 2015 23:38:31 UTC
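
The second option in the message above (navigate pages somewhere safe, then clean the caches), sketched as an added example that is not part of the original message or of the ServiceWorker project's code. `SAFE_URL` and `evictThenClean` are hypothetical names; the `clients` and `caches` objects are passed in so the ordering logic can be exercised outside a browser.

```javascript
// Added example. SAFE_URL is a hypothetical static recovery page (assumption).
const SAFE_URL = '/sw-recovery.html';

// Move every open page off possibly-injected script first, and only delete
// caches once no such page is left to re-pollute them.
async function evictThenClean(clients, caches, safeUrl) {
  const windows = await clients.matchAll({ type: 'window', includeUncontrolled: true });
  const stillOpen = [];
  for (const client of windows) {
    // A page already sitting on the recovery URL does not need to move.
    if (new URL(client.url).pathname === safeUrl) continue;
    try {
      // WindowClient.navigate() rejects for pages this worker does not control.
      await client.navigate(safeUrl);
    } catch (err) {
      stillOpen.push(client.url);
    }
  }
  // A page that could not be moved may still be polling the caches, so a
  // cleanup now could be undone immediately. Report it and let the caller retry.
  if (stillOpen.length > 0) return { cleaned: [], stillOpen };

  const names = await caches.keys();
  await Promise.all(names.map((name) => caches.delete(name)));
  return { cleaned: names, stillOpen };
}

// Wiring inside a service worker; skipped when the file is run elsewhere.
if (typeof ServiceWorkerGlobalScope !== 'undefined') {
  self.addEventListener('activate', (event) => {
    // claim() first: navigate() only works on clients this worker controls.
    event.waitUntil(
      self.clients.claim().then(() => evictThenClean(self.clients, self.caches, SAFE_URL))
    );
  });
}
```

The recovery page has to be served from the network rather than from a cache and should load no script, otherwise the pages are moved onto content the attacker may already have replaced.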