- From: Dimitri Glazkov <dglazkov@chromium.org>
- Date: Thu, 10 Mar 2011 14:10:21 -0800
- To: robert@ocallahan.org
- Cc: Boris Zbarsky <bzbarsky@mit.edu>, public-webapps <public-webapps@w3.org>
On Thu, Mar 10, 2011 at 1:57 PM, Robert O'Callahan <robert@ocallahan.org> wrote: > On Fri, Mar 11, 2011 at 8:54 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote: >> >> CDNs of various sorts, dedicated hostnames for different sorts of content >> (a la existing images.something.com setups), that sort of thing. >> >> If we want to not allow cross-site loading at all, those cases break. If >> we want to allow it, we should try to make it hard to shoot yourself in the >> foot by doing it, imo. > > OK, but those are all generally loading from trusted sites, like <script> > does. > > I understand that it would be nice to improve on <script> by protecting > against potential compromise of the other site. However, if document authors > and component API authors don't think hard about the possibility of their > component turning hostile (and I am very confident that they won't!), I fear > that the component will be able to wreak havoc in the container via the APIs > exposed by the component. For example, if we try to enforce protection via a > capability model, it's easy to accidentally leak capabilities through a > carelessly designed API. > > So I'm worried that protecting containers from components will be a burden > on the component model that doesn't lead to much practical benefit. But > maybe I worry too much :-). No, I agree that this is a real concern. You are right, we must do better than just tell authors to use object capabilities. I am hoping to be able to use component encapsulation as enough of the separation to be able to just have a big lever (FRIEND<-->ENEMY) to _slide_ a membrane between the component and its host. This is still thinking in progress :) > Rob > -- > "Now the Bereans were of more noble character than the Thessalonians, for > they received the message with great eagerness and examined the Scriptures > every day to see if what Paul said was true." [Acts 17:11] >
Received on Thursday, 10 March 2011 22:10:56 UTC