- From: Robin Berjon <robin@berjon.com>
- Date: Thu, 9 Jun 2011 16:26:15 +0200
- To: Adam Barth <w3c@adambarth.com>
- Cc: public-web-security@w3.org

Hi Adam,

On Jun 3, 2011, at 01:55 , Adam Barth wrote:
> I don't think there's much hope for this direction. Even without any
> additional privileges, an attacker can often cause lots of harm by
> exploiting an XSS vulnerability.

Naturally, but I'm not sure I see why this means that we should throw our hands up and fail to protect additional privileges appropriately. Just because the barbarians made it all the way to our doors doesn't mean we need let them drink our ale dry, make merry sport with our more attractive daughters, and play Céline Dion karaoke on the village square.

Given the rather minimalist approach, which piggybacks a feature that's already been deemed desirable (bundling feature requests) the price to pay for the extra safety is low.

--
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Thursday, 9 June 2011 14:26:46 UTC