- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 8 Dec 2009 01:35:39 -0800
- To: "sird@rckc.at" <sird@rckc.at>
- Cc: gaz Heyes <gazheyes@gmail.com>, Daniel Glazman <daniel@glazman.org>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
As you suggest, I've started a new thread.

On Tue, Dec 8, 2009 at 1:29 AM, sird@rckc.at <sird@rckc.at> wrote:
> I also like this option:
>
> 4. add a declarative option to <link> and <style> elements to say
> the CSS parser should be in a "sandboxed" mode
>
> I am doing something like that already on ACS (
> http://docs.google.com/View?id=ddqtfnx3_381fxp3zjf3 ) but having it on HTML5
> would be greaaat.
>
> Would it be possible to add it to <script>? (I also support this on ACS
> using Gareth Heyes's jsreg : http://tinyurl.com/jsreg ).
>
> In script it could work to define functions with a different principal..
> this way the stuff in there can only work with references it receives from
> user functions (should have the same type of protections Mozilla adds to
> addons interacting with web content with Wrappers).

It's not as simple as that. It is very difficult to mix JavaScript objects
that belong to different principals. You can do it if you constrain the
attacker to a "safe" subset of JavaScript like Caja, but in general, the
attacker can wreck you with leaked pointers.

If you'd like to learn more about this, you might be interested in reading:

http://www.adambarth.com/papers/2009/barth-weinberger-song.pdf

and possibly

http://www.adambarth.com/papers/2009/barth-jackson-li.pdf

Adam
Received on Tuesday, 8 December 2009 09:36:27 UTC
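The "leaked pointer" problem Adam raises, as an added example that is not part of the thread: a host hands sandboxed code a small API object, one of whose results carries a back-pointer to host state. Handing the object over directly lets the sandbox mutate the host through that pointer; a one-way membrane (a hypothetical `wrap` built on ES2015 Proxy, which did not exist in 2009, standing in for the Mozilla wrappers sird mentions) replaces every object crossing the boundary with a read-only wrapper, so no host identity reaches the sandbox. The host store and API are constructed for the example.

```javascript
// Added example, not code from the thread. `wrap` is a minimal one-way membrane:
// every object the sandbox reads through it comes back wrapped, and all mutation
// through a wrapper is denied, so a leaked pointer is never the real host object.

function makeHost() {
  // constructed host state; `owner` is the back-pointer that leaks the whole store
  const store = { items: [{ name: "a", secret: "s3cr3t" }], tainted: false };
  store.items[0].owner = store;
  const api = { getItem: (i) => store.items[i] };
  return { store, api };
}

const wrappers = new WeakMap(); // host object -> its single wrapper (stable identity)

function wrap(value) {
  const isObj = value !== null && (typeof value === "object" || typeof value === "function");
  if (!isObj) return value; // primitives carry no identity, cross as-is
  if (wrappers.has(value)) return wrappers.get(value);
  const deny = () => { throw new TypeError("mutation across principal boundary denied"); };
  const proxy = new Proxy(value, {
    get: (t, p) => wrap(Reflect.get(t, p, t)),              // every read comes back wrapped
    getPrototypeOf: (t) => wrap(Reflect.getPrototypeOf(t)), // including the prototype chain
    apply: (t, _this, args) => wrap(Reflect.apply(t, undefined, args)), // call results too
    set: deny, defineProperty: deny, deleteProperty: deny, setPrototypeOf: deny, construct: deny,
  });
  wrappers.set(value, proxy);
  return proxy;
}

// Untrusted code: follows the leaked pointer and tries to mutate host state.
function untrusted(api) {
  const item = api.getItem(0);
  item.owner.tainted = true;
  return item.owner;
}

// Naive "different principal": the host API object is passed over as-is.
function runNaive() {
  const h = makeHost();
  untrusted(h.api);
  return h.store.tainted; // true: item.owner was the real store
}

// The same untrusted code behind the membrane.
function runWithMembrane() {
  const h = makeHost();
  let blocked = false;
  try { untrusted(wrap(h.api)); } catch (e) { blocked = e instanceof TypeError; }
  const seen = wrap(h.api).getItem(0).owner; // what the sandbox can reach: a read-only wrapper
  return { tainted: h.store.tainted, blocked, sameIdentity: seen === h.store, name: seen.items[0].name };
}
```

Reads still flow through the wrapper (the sandbox can see `name`), so a membrane alone enforces integrity, not confidentiality; what it guarantees is that no reference the sandbox holds is a host object.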