- From: <sird@rckc.at>
- Date: Tue, 8 Dec 2009 18:56:27 +0800
- To: gaz Heyes <gazheyes@gmail.com>
- Cc: Adam Barth <w3c@adambarth.com>, Daniel Glazman <daniel@glazman.org>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
- Message-ID: <8ba534860912080256g653ebf06w8a7dc82c9bf5d4af@mail.gmail.com>
oh btw.. I just noticed this thread says ACS.. nice! :D but my main objective was to add sandboxes to HTML.. if it's even possible at this point.

-- Eduardo
http://www.sirdarckcat.net/

Sent from Hangzhou, 33, China

On Tue, Dec 8, 2009 at 6:19 PM, sird@rckc.at <sird@rckc.at> wrote:
> Oh, and in this case, my sandbox (Phantom sandbox) I use the native firefox
> protection of "nodeless" or "ghost" documents from the generated principal..
>
> So it should be safe.. there are quite a few ways of making a safe js
> sandbox, especially if we have browser's support (wrappers + independent
> principals mostly).
>
> Greetings!!
> -- Eduardo
> http://www.sirdarckcat.net/
>
> Sent from Hangzhou, 33, China
>
> On Tue, Dec 8, 2009 at 5:43 PM, gaz Heyes <gazheyes@gmail.com> wrote:
>
>> 2009/12/8 Adam Barth <w3c@adambarth.com>
>>
>>> It's not as simple as that. It is very difficult to mix JavaScript
>>> objects that belong to different principals. You can do it if you
>>> constrain the attacker to a "safe" subset of JavaScript like Caja, but
>>> in general, the attacker can wreck you with leaked pointers.
>>>
>>
>> I constrain javascript using $$ rewriting. So for example:-
>>
>> x=alert;
>> x(1)
>>
>> Becomes:-
>> var $x$;$window$.$x$=$x$;
>> $x$=$alert$;
>> $x$(Number(1))
>>
>> The code is executed in an iframe window and every function/property is
>> whitelisted. var is used to make all variables fallback to local scope and a
>> fake window object is used when doing stuff like:-
>> (1,[].sort)() // Firefox leaks window
>>
>> I run a syntax check using function before and after the conversion. It
>> seems pretty safe but I haven't really had much help apart from a few people
>> on sla.ckers. The only drawback is objects that belong to another window, in
>> that case I need to pass the window scope to check if objects return to
>> window.
>>
Received on Tuesday, 8 December 2009 10:57:20 UTC
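The $$ rewriting quoted in the thread, as an added sketch that is not part of the original messages and is not gaz Heyes's implementation: it renames every name to `$name$`, hoists unknown names into local `var` declarations, coerces number literals, and refuses any construct it does not cover (including the `[]` in the Firefox example). The `ALLOWED`, `KEYWORDS` and `PUNCT` sets, and the choice to rename dotted property names too, are assumptions made for the illustration.

```javascript
// Added illustration: a fail-closed "$name$" rewriter for a tiny JS subset.
// Names the sandbox is assumed to provide as $name$ wrappers (constructed list).
const ALLOWED = new Set(["alert", "window"]);
const KEYWORDS = new Set(["var", "function", "return", "if", "else", "true", "false", "null"]);
// Punctuation this sketch passes through; everything else is refused.
const PUNCT = new Set("=;(),.+-*<>!{}".split(""));
// string literal | number | identifier | whitespace | any single character
const TOKEN = /"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'|\d+(?:\.\d+)?|[A-Za-z_$][\w$]*|\s+|[\s\S]/g;

function rewrite(source) {
  const locals = [];   // names that must fall back to local scope
  let body = "";
  let prev = "";       // last non-whitespace token seen
  for (const tok of source.match(TOKEN) || []) {
    if (/^\s/.test(tok)) { body += tok; continue; }
    if (/^["']/.test(tok) && tok.length > 1) {
      body += tok;                       // complete string literal: plain data
    } else if (/^\d/.test(tok)) {
      body += `Number(${tok})`;          // literals are coerced, as in the thread
    } else if (/^[A-Za-z_$]/.test(tok)) {
      if (KEYWORDS.has(tok)) {
        body += tok;
      } else {
        // Every name, property names included, is renamed so it can only
        // resolve to a wrapper or a local, never to a real global.
        if (prev !== "." && !ALLOWED.has(tok) && !locals.includes(tok)) locals.push(tok);
        body += `$${tok}$`;
      }
    } else if (PUNCT.has(tok)) {
      body += tok;
    } else {
      throw new SyntaxError(`construct not covered by this sketch: ${tok}`);
    }
    prev = tok;
  }
  // Declare each unknown name locally and mirror it on the fake window object.
  const prelude = locals.map(n => `var $${n}$;$window$.$${n}$=$${n}$;`).join("");
  return prelude ? `${prelude}\n${body}` : body;
}
```

Computed member access, `this` handling and the fake window object itself are outside this sketch; the output for `x=alert;` / `x(1)` matches the rewritten form quoted in the thread.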