Re: Component Model is not an Isolation Model

On Thu, Mar 10, 2011 at 11:54 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 3/10/11 4:59 AM, Robert O'Callahan wrote:
>>
>> On Thu, Mar 10, 2011 at 4:17 PM, Boris Zbarsky <bzbarsky@mit.edu
>> <mailto:bzbarsky@mit.edu>> wrote:
>>
>>    1)  Cross-site components are safe to use.
>>
>> I'm less enthusiastic about #1. In many situations, perhaps most,
>> developers can choose to trust a component and host it themselves, and
>> there's no problem. Some "widget" use cases can be solved with IFRAMEs
>> instead. What use cases for cross-site component loading are left?
>
> CDNs of various sorts, dedicated hostnames for different sorts of content (a
> la existing images.something.com setups), that sort of thing.
>
> If we want to not allow cross-site loading at all, those cases break. If we
> want to allow it, we should try to make it hard to shoot yourself in the
> foot by doing it, imo.

IMHO, it's important to make cross-site interactions predictable.  For
example, <script> works well with CDNs but doesn't provide any
isolation.  Now, you might say that <script> leaves something to be
desired w.r.t. security, and I'd certainly agree.  :)

Adam

Received on Thursday, 10 March 2011 20:36:36 UTC