W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2007

[whatwg] Script origin tracking

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 24 May 2007 22:54:21 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0705242248270.23432@dhalsim.dreamhost.com>
On Thu, 9 Feb 2006, Alexey Feldgendler wrote:

> What you say can be implemented, though, and it has the same underlying 
> requirement as the sandboxing approach that I wrote about before: 
> origin-tracking of every piece of script code. Here are the rules. [...]

These rules, and rules like it (this is a relatively important area of 
security research), have performance characteristics that several browser 
vendors have told me are unacceptable. I think we're stuck with the 
current model, at least for the forseeable future.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 24 May 2007 15:54:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:40 GMT