Re: XHR without user credentials

From: Tyler Close <tyler.close@gmail.com>
Date: Tue, 9 Jun 2009 09:29:25 -0700
Message-ID: <5691356f0906090929q260f6e6dwac4f2886730abce4@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: "Mark S. Miller" <erights@google.com>, Jonas Sicking <jonas@sicking.cc>, Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>

On Tue, Jun 9, 2009 at 12:54 AM, Anne van Kesteren <annevk@opera.com> wrote:
> On Tue, 09 Jun 2009 03:39:19 +0200, Mark S. Miller <erights@google.com> wrote:
>> This use-case was the motivation for ADsafe, though any of the JavaScript
>> sanitizers would do.
>>
>> Without some such sanitization technology, it remains unsafe to load
>> untrusted ads directly on your page. Adam and I are still arguing fine
>> points of just how unsafe, but there's no question that the answer is at
>> least "too unsafe".
>>
>> With GuestXMLHttpRequest, such sanitized ads could be allowed to call
>> home safely without being able to impersonate their containing page's origin.
>
> Why can such ads not be embedded using a seamless sandboxed <iframe> from HTML5?

I think there are two main reasons:

1. ADsafe, Caja and others provide finer-grained control over what the
widget can do.

2. All ads/widgets are fetched by the same HTTP request that fetches
the containing page. The overhead of a separate iframe per ad/widget
was too much for the expected use-cases.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
Received on Tuesday, 9 June 2009 16:30:02 GMT
