Re: Issue 100 Zero-Edits Counter Proposal

On Wed, Apr 14, 2010 at 5:01 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
> On Tue, Apr 13, 2010 at 9:53 PM, Shelley Powers <shelley.just@gmail.com> wrote:
>> I'm assuming that there are more use cases, and more target
>> communities, for sandboxing other than just weblogging comments and
>> webloggers. However, the only purpose given for srcdoc was weblogging
>> comments and webloggers, and that was the only one I addressed. I
>> don't feel comfortable speaking for an entire community of people, but
>> I believe that Matt Mullenweg's response, recorded in the change
>> proposal, was a good indicator that the community isn't interested,
>> and is very unlikely to use the attribute.
>
> I didn't bring this up before, but Wordpress has a *long history* of
> XSS vulnerabilities caused by bad escaping/sanitizing/etc.  If they've
> finally got a handle on it, great.  That's awesome.  But, as I keep
> saying, they're an organization with time and effort to spend on this.
>  And even with that sort of time and effort, they still got it
> dangerously wrong many, many times before they, hopefully, finally did
> things correctly.  And they still could possibly have holes, if new
> capabilities are added in the future that their sanitizers don't
> account for.

Most of Wordpress's problems in the past have been problems with SQL
Injection. I know, I found and fixed more than a few when I had forked
the application at one point.

When you say long history, do you have specifics? Links? I had the
creator of Wordpress, Matt Mullenweg, respond to the necessity of
having to provide a srcdoc attribute, in which to stuff comments so
that we may be protected. He did not indicate interest.

Perhaps you can find other weblog software developers and see if
they're interested. Or, since Ian stated that this attribute was for a
specific use case, ask him to provide documentation backing up the use
case: a request from a weblog developer, a commitment from tool
developers to use it. Something tangible.

I've been working with weblogging software for a decade, and though I
may not be considered expert enough for this organization, I am fairly
comfortable stating that people who work with weblogging
templates--either authors, or tool or template builders--are highly
unlikely to use this attribute.

>
> If regularly-updated Wordpress blogs don't require the sandbox
> security model to protect themselves, that's fine.  But that doesn't
> say anything about:
>
> 1. Infrequently updated Wordpress blogs
> 2. Blogs using some other blogging platform that don't share
> Wordpress's sanitation library
> 3. Blogs written by hand by an author
> 4. Any other system that wishes to display user-generated content
> (retrieved locally, and thus possible to put into the page directly,
> rather than requiring a network request) under the constraints of the
> sandbox security model.
>

Infrequently updated Wordpress blogs? You lost me on this.

I use Drupal -- I find it unlikely that Dries would be interested in
srcdoc, either.

Blogs written by hand won't have a comment system. The "by hand" part
negates that type of functionality.

Frankly, if weblogging tool developers aren't keen on srcdoc, I don't
know if you can say that anyone else would be, either.

>
>> Now, others may think all of sandboxing is bad, but they should submit
>> a bug, accordingly.
>
> Half or more of your Change Proposal rationale is arguing that all of
> sandboxing is bad (most particularly, the part arguing that authors
> are too stupid to realize that using <iframe srcdoc sandbox> to
> display comments on their blog won't protect them against SQL
> injection when handling form submission of new comments).  I would
> appreciate it if you would remove those sections and file bugs
> accordingly.
>

Unless you've become the co-chair for this group, please refrain from
telling me to edit my proposals.
>
> ~TJ
>

Shelley

Received on Thursday, 15 April 2010 00:03:15 UTC