W3C home > Mailing lists > Public > www-dom@w3.org > April to June 2001

Re: Security recommendation for DOM?

From: Philippe Le Hegaret <plh@w3.org>
Date: Tue, 05 Jun 2001 14:00:49 -0400
Message-ID: <3B1D1E51.5ED0DF1C@w3.org>
To: Brian <netdemonz@yahoo.com>
Cc: www-dom@w3.org
Brian wrote:
> 
> Mozilla/Netscape 6 has a security model that makes a lot of the DOM not
> work. Although this is ok, there are some lines that get blurred - i.e.
> which parts of the contentDocument of a frame can one domain access of the
> site in the frame? Obviously the title can't hurt anything, and it would be
> good if there was a security recommendation to make problems not occur
> because of differing security models in browsers.

Not addressed by DOM 1, 2 or 3. Our issue list still has this item but again,
not sure about its future yet.

[[[
1.9. Security, Validity and Privacy [After Level 1]

Security, validity, and privacy considerations are interrelated and entwined. DOM
will initially provide simple
"sandbox" security; subsequent levels are expected to incorporate more
sophisticated mechanisms. 

  1.Each object must be responsible for maintaining its own internal consistency. 
  2.It must be safe to have multiple threads operating on the same object. 
  3.Object locking must be incorporated to ensure consistent results. 
  4.It must be possible to prevent scripts on one page from accessing another
page. 
  5.Firewall boundaries must be respected. 
  6.It must be possible to restrict access and navigation to specific elements. 
  7.An external security API will be provided. 

]]]

-- Document Object Model Requirements
http://www.w3.org/TR/1998/WD-DOM-19980416/requirements
Mon, 13 Mar 2000 14:38:57 GMT

Philippe
Received on Tuesday, 5 June 2001 14:00:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 22 June 2012 06:13:48 GMT