- From: Hill, Brad <bhill@paypal-inc.com>
- Date: Fri, 8 Mar 2013 23:56:09 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>, "WebApps WG (public-webapps@w3.org)" <public-webapps@w3.org>
- Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E27958B1D@DEN-EXDDA-S12.corp.ebay.com>
WebApps WG, I have been following with interest (though with less time to give it the attention I wish) the emergence of Web Components and related specifications. (HTML Templates, Shadow DOM, etc.) I wonder if it would be a good time to start discussing the security model jointly with the WebAppSec WG, both on list, and possibly at the upcoming F2F in April? One of our goals in WebAppSec is that a mashup web of re-usable and composable pieces be possible to do securely. An example anti-pattern in this area is the widely deployed <script src="someothersite.com/canOwnYou.js"> pattern for things like analytics, social widgets and social login. This pattern makes the Web more brittle, such as the "Facebook broke the Internet" bug recently when a script error in Facebook Connect redirected a huge chunk of the Web to a Facebook error page. We security folks that work in both the web apps and PKI areas stay awake at night worrying about bad guys getting a certificate for Google Analytics or Omniture and XSS-ing 90% of the Web. I don't see much in these specs or via a quick search of the list archives on the security models for the new Web Component and Shadow DOM type integration models when they involve foreign components. There is some level of isolation implied, but I hope there is interest in defining what, if any, the security guarantees of such are and how we might make this kind of composition more pleasant and useful than a sandboxed iframe, but still robust against errors or attacks such that popular components don't become single points of failure for the entire Web. Thanks, Brad Hill Co-Chair, WebAppSec
Received on Friday, 8 March 2013 23:56:48 UTC