- From: Jake Archibald <notifications@github.com>
- Date: Wed, 27 May 2015 16:38:04 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Wednesday, 27 May 2015 23:38:31 UTC
Reopening as @sirdarckcat pointed out the following attack:

1. Attacker can execute scripts due to XSS
2. Attacker pollutes caches
3. Attacker polls caches, polluting any that are added

This (potentially) means the attacker defends against any "fixes" the site owner attempts to ship. Although this is possible with idb and localstorage, it's much more likely with caches.

We need to offer some way out of this, which may include:

* Allow a serviceworker to pause execution of scripts on pages (ugh)
* Allow a serviceworker to navigate pages (#681) to somewhere safe, another origin even, then it can clean its caches

+@slightlyoff

---
Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/698#issuecomment-106110055
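The second option in the message above (navigate pages somewhere safe, then clean the caches) can be sketched with `WindowClient.navigate()`, which exists in the Service Worker API. This is an added example, not code from the issue or the ServiceWorker project; `SAFE_URL`, `evictAndPurge` and the policy of not purging while any page could not be moved are assumptions made for illustration.

```javascript
// Added example: recovery step for a service worker shipped as the fix.
// SAFE_URL is a hypothetical static page that loads no cached script.
const SAFE_URL = '/recover.html';

// Navigate every window client away first so injected script stops running,
// then delete the caches. Deleting first would let a still-open page
// re-pollute whatever is created afterwards.
async function evictAndPurge(clientsApi, cacheStorage, safeUrl) {
  // includeUncontrolled: Cache storage is shared by the whole origin, so
  // windows this worker does not control must be accounted for as well.
  const windows = await clientsApi.matchAll({ type: 'window', includeUncontrolled: true });
  const results = await Promise.allSettled(windows.map((c) => c.navigate(safeUrl)));
  // navigate() rejects for clients this worker does not control.
  const stuck = windows.filter((_, i) => results[i].status === 'rejected').map((c) => c.id);

  // A page that could not be moved may still be running injected script;
  // purging now could be undone, so report it and keep the caches for a retry.
  if (stuck.length > 0) {
    return { purged: [], stuck };
  }
  const names = await cacheStorage.keys();
  await Promise.all(names.map((n) => cacheStorage.delete(n)));
  return { purged: names, stuck };
}

// Wire-up inside a real service worker (skipped when run anywhere else).
if (typeof ServiceWorkerGlobalScope !== 'undefined') {
  self.addEventListener('activate', (event) => {
    event.waitUntil(
      self.clients.claim().then(() => evictAndPurge(self.clients, caches, SAFE_URL))
    );
  });
}
```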