W3C home > Mailing lists > Public > public-web-security@w3.org > January 2017

Call for Feedback: Fighting XSS with Isolated Scripts

From: Eduardo Vela <sirdarckcat@gmail.com>
Date: Thu, 26 Jan 2017 07:57:27 +0000
Message-ID: <CACSvzRy__ra8qQo0Y7rCNXGAshQjK2K42hCEiJ0geRi6QhJJgQ@mail.gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
Hi

In case any of you is interested in XSS mitigations, here's a short
proposal of a somewhat new type of XSS mitigation:

http://sirdarckcat.blogspot.com/2017/01/fighting-xss-with-isolated-scripts.html

There is a prototype implemented as a chrome extension for a demo website.

The things I'm mostly interested to hear about are:

   - Potential adoption concerns by developers
   - Design-level security flaws in the concept
   - Ways to simplify the design further
   - Related but unmitigated vulnerabilities

Thank you for your time!
Received on Thursday, 26 January 2017 07:58:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:41 UTC