W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: Component Model is not an Isolation Model

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 10 Mar 2011 12:35:28 -0800
Message-ID: <AANLkTinGOLJJnVvv4goYYGT133nWpMeHiwuuw_xONKtR@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: robert@ocallahan.org, Dimitri Glazkov <dglazkov@chromium.org>, public-webapps <public-webapps@w3.org>
On Thu, Mar 10, 2011 at 11:54 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 3/10/11 4:59 AM, Robert O'Callahan wrote:
>> On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbarsky@mit.edu
>> <mailto:bzbarsky@mit.edu>> wrote:
>>    1)  Cross-site components are safe to use.
>> I'm less enthusiastic about #1. In many situations, perhaps most,
>> developers can choose to trust a component and host it themselves, and
>> there's no problem. Some "widget" use cases can be solved with IFRAMEs
>> instead. What use cases for cross-site component loading are left?
> CDNs of various sorts, dedicated hostnames for different sorts of content (a
> la existing images.something.com setups), that sort of thing.
> If we want to not allow cross-site loading at all, those cases break. If we
> want to allow it, we should try to make it hard to shoot yourself in the
> foot by doing it, imo.

IMHO, it's important to make cross-site interactions predictable.  For
example, <script> works well with CDNs but doesn't provide any
isolation.  Now, you might say that <script> leaves something to be
desired w.r.t. security, and I'd certainly agree.  :)

Received on Thursday, 10 March 2011 20:36:36 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:30 UTC