- From: Matthew Ryan <notifications@github.com>
- Date: Thu, 12 Oct 2017 05:06:29 -0700
- To: w3c/webcomponents <webcomponents@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 12 October 2017 12:06:51 UTC
> May I add a couple legitimate use cases for hard-private, inaccessible DOM @isiahmeadows please do > Guarding an `<input type="username">`/`<input type="password">` from successful script injection and/or malicious extensions. This is not something the shadow DOM was created for, and it doesn't give any *guarantees* of security. To quote from an [earlier email](https://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0333.html) on the topic: > > Stay after class and write 100 times on the board: "Type 2 is not a security boundary". > Currently, all it takes is a single successful XSS attack to literally read a user's password as they type it[...] The only way to stop it at this stage is via CSP policy, and some form of MITM mitigation like TLS This is also a problem with (session) cookies, etc. A properly set CSP is the way to make these guarantees. If you are MITM-ed, game over anyway. Shadow DOM may help in this way, but it's not the intention of the design, and I don't think it's a good argument for closed shadow DOMs. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webcomponents/issues/640#issuecomment-336109717
Received on Thursday, 12 October 2017 12:06:51 UTC