Re: Security recommendation for DOM?

Brian wrote:
> 
> Mozilla/Netscape 6 has a security model that makes a lot of the DOM not
> work. Although this is ok, there are some lines that get blurred - i.e.
> which parts of the contentDocument of a frame can one domain access of the
> site in the frame? Obviously the title can't hurt anything, and it would be
> good if there was a security recommendation to make problems not occur
> because of differing security models in browsers.

Not addressed by DOM 1, 2 or 3. Our issue list still has this item but again,
not sure about its future yet.

[[[
1.9. Security, Validity and Privacy [After Level 1]

Security, validity, and privacy considerations are interrelated and entwined. DOM
will initially provide simple
"sandbox" security; subsequent levels are expected to incorporate more
sophisticated mechanisms. 

  1.Each object must be responsible for maintaining its own internal consistency. 
  2.It must be safe to have multiple threads operating on the same object. 
  3.Object locking must be incorporated to ensure consistent results. 
  4.It must be possible to prevent scripts on one page from accessing another
page. 
  5.Firewall boundaries must be respected. 
  6.It must be possible to restrict access and navigation to specific elements. 
  7.An external security API will be provided. 

]]]

-- Document Object Model Requirements
http://www.w3.org/TR/1998/WD-DOM-19980416/requirements
Mon, 13 Mar 2000 14:38:57 GMT

Philippe

Received on Tuesday, 5 June 2001 14:00:54 UTC