W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2012

Re: XSS through content-sniffing: good case for CSP sandbox directive

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 12 Mar 2012 18:09:34 -0700
Message-ID: <CAJE5ia-gtvDZSWQn6Bk=Z9bf2fNBAOXZ5GYZZKtyW_Aifws+jA@mail.gmail.com>
To: "Hill, Brad" <bhill@paypal-inc.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Oh, don't get me wrong, the "attachment" use case is great for the
sandbox directive.

Adam


On Mon, Mar 12, 2012 at 6:06 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
> Unless it's a content-type with by-design DOM-access. (java, swf, js, pdf, etc.)  This is a really common problem in systems designed to serve attachments and user uploaded content: webmail, bulletin boards, sharepoint, etc.
>
>> -----Original Message-----
>> From: Adam Barth [mailto:w3c@adambarth.com]
>> Sent: Monday, March 12, 2012 6:01 PM
>> To: Hill, Brad
>> Cc: public-webappsec@w3.org
>> Subject: Re: XSS through content-sniffing: good case for CSP sandbox
>> directive
>>
>> On Mon, Mar 12, 2012 at 5:54 PM, Hill, Brad <bhill@paypal-inc.com> wrote:
>> > http://www.garage4hackers.com/f11/gmail-xss-vulnerability-through-cont
>> > ent-sniffing-2094.html?postcount=1
>> >
>> > A good example of the type of bug we could reduce the impact of with a
>> > sandbox directive in CSP.
>>
>> Or IE could just implement http://mimesniff.spec.whatwg.org/ and avoid all
>> these vulnerabilities.
>>
>> Adam
Received on Tuesday, 13 March 2012 01:10:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 13 March 2012 01:10:34 GMT