[whatwg] Sandboxing scripts: call for a wider discussion

On Mon, 23 Jan 2006 09:14:02 +0600, Ian Hickson <ian at hixie.ch> wrote:

> Worry not, they're not being ignored. There are hundreds of good ideas
> being suggested to this list; all will be examined and responded to
> before the spec is finished. Currently the focus is on the parser
> section.

Nice to hear that.

> I agree that sandboxing is very important. There are some big problems
> with it -- how to get some level of backwards compatibility without
> exposing 99% of users to security risks,

That was in my proposal: to introduce the <safe-script> element,
safe-onclick etc attributes, and safe-javascript: URI scheme. These would
be ignored by older UAs, so the scripting is kept on the safe side: if
sandboxing is not supported, then scripts are not executed at all.

> how to make it possible to
> sandbox arbitrary content (that can't, e.g., do:
>
>    document.write("</sandbox>");

AFAIK, document.write is not standardized anywhere at all (am I right?)
But because user agents will continue to implement document.write even if
it's not standardized, it should be somehow defined how document.write
works inside a sandbox. Because "document" is somewhat fake in the
sandbox, I think document.write("</sandbox>") should do the same as doing,
e.g., document.write("</div>") when there was no opening <div>.

But I agree there is much more to discuss to make sure it's a useful and
safe feature.


-- 
Opera M2 8.5 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station [ICQ: 115226275] <alexey at feldgendler.ru>

Received on Monday, 23 January 2006 03:07:49 UTC
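The document.write("</sandbox>") case discussed above, as an added example that is not part of the original thread: a toy JavaScript fragment parser modelling one way a sandbox could treat it. It assumes (my assumption, not the proposal's) that markup written from inside the sandbox is parsed in the sandbox's own context with its own open-element stack, so the outer sandbox element can never be matched and the stray end tag is dropped like an unmatched </div>.

```javascript
// Added example, not code from the thread. Toy HTML fragment parser:
// start tags push onto an open-element stack, end tags pop back to the
// nearest matching open element, and an end tag with no matching open
// element is ignored (a lone '<' that forms no tag is simply skipped).
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9-]*)[^>]*>|([^<]+)/g;

// Parse a fragment into a tree. Returns the top-level nodes plus the list
// of end tags that were ignored because nothing was open to match them.
function parseFragment(html) {
  const root = { name: '#root', children: [] };
  const stack = [root];
  const ignoredEndTags = [];
  for (const m of html.matchAll(TAG_RE)) {
    const [, slash, name, text] = m;
    if (text !== undefined) {
      stack[stack.length - 1].children.push({ name: '#text', value: text });
    } else if (!slash) {
      const el = { name: name.toLowerCase(), children: [] };
      stack[stack.length - 1].children.push(el);
      stack.push(el);
    } else {
      const idx = stack.findIndex(el => el.name === name.toLowerCase());
      // idx 0 is the root pseudo-node, which no end tag may close.
      if (idx > 0) stack.splice(idx);      // close it and anything nested in it
      else ignoredEndTags.push(name.toLowerCase());
    }
  }
  return { children: root.children, ignoredEndTags };
}

// Model of document.write inside the sandbox (assumed design): the written
// markup is parsed in the sandbox's own context and appended to the sandbox
// element. The sandbox element belongs to the outer document and is never on
// the inner stack, so "</sandbox>" cannot close it. Returns the ignored tags.
function sandboxedDocumentWrite(sandboxEl, markup) {
  const { children, ignoredEndTags } = parseFragment(markup);
  sandboxEl.children.push(...children);
  return ignoredEndTags;
}

// Constructed input: an outer page with an empty sandbox, then a sandboxed
// script that tries to break out with "</sandbox>" before writing more.
function demo() {
  const outer = parseFragment('<div><sandbox></sandbox></div><p>trusted</p>');
  const sandboxEl = outer.children[0].children[0];
  const escaped = '<b>hi</b></sandbox><i>still inside</i>';
  const ignored = sandboxedDocumentWrite(sandboxEl, escaped);
  return { outer, ignored };
}
```

Running demo() leaves the <p>trusted</p> paragraph untouched and the <i> element inside the sandbox, with "sandbox" reported as the one ignored end tag.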