Re: [whatwg] Fetch, MSE, and MIX

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 15 Apr 2015 09:45:27 -0700
Message-ID: <CABkgnnWRixUL=P2Qx6JVNMtjyUFW2a4SvufwMe0o5agBHZVLbw@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Domenic Denicola <d@domenic.me>, Matthew Wolenetz <wolenetz@google.com>, Aaron Colwell <acolwell@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, WHATWG <whatwg@whatwg.org>, Brad Hill <hillbrad@gmail.com>, Ryan Sleevi <sleevi@google.com>, "public-html-media@w3.org" <public-html-media@w3.org>

On 14 April 2015 at 22:16, Anne van Kesteren <annevk@annevk.nl> wrote:
> None of that should be particularly hard, though I do worry that the
> further we get away from Response, the more we might lose sight of
> what we are trying to protect and make mistakes.

Indeed, the risk of error is definitely a concern.  A similar practice
(marking things with origins) happens all over the place in media
code.  It requires discipline, but it isn't especially difficult.

I believe that the easiest way to avoid this is to make an attempt to
read Response.body raise a SecurityError if the origin is different
(in Firefox terms, we would say "if the response principal is not
subsumed by the script principal").

Received on Wednesday, 15 April 2015 16:45:59 UTC
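
The approach proposed in the message above, modelled as an added example that is not part of the original post and is not Fetch, MSE or Firefox code. The class names (`TaggedResponse`, `MediaSink`), the `readBody`/`readBuffered` methods and the example origins are hypothetical, and a plain origin string comparison stands in for the "principal subsumes" check.

```javascript
// Model only: these classes are hypothetical and are not Fetch, MSE or browser APIs.
class SecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = "SecurityError";
  }
}

// Stand-in for engine-internal storage: the bytes are not a property of the
// script-visible object, so the guarded read below is the only script path to them.
const bodies = new WeakMap();

class TaggedResponse {
  constructor(url, bytes) {
    this.origin = new URL(url).origin; // the origin mark travels with the data
    bodies.set(this, bytes);
  }
  // Script-facing read: refuse when the response origin differs from the reader's.
  readBody(scriptOrigin) {
    if (this.origin !== scriptOrigin) {
      throw new SecurityError(`body from ${this.origin} is not readable by ${scriptOrigin}`);
    }
    return bodies.get(this);
  }
}

// Internal consumer (stand-in for a media buffer): it accepts any response,
// but copies the mark forward so later script-visible reads can be refused.
class MediaSink {
  #chunks = [];
  constructor(scriptOrigin) {
    this.scriptOrigin = scriptOrigin;
    this.tainted = false;
  }
  append(response) {
    if (response.origin !== this.scriptOrigin) this.tainted = true;
    this.#chunks.push(bodies.get(response));
  }
  // Anything that hands buffered data back to script checks the mark first.
  readBuffered() {
    if (this.tainted) throw new SecurityError("sink holds cross-origin data");
    return this.#chunks.slice();
  }
}
```

The second class shows why the discipline matters once data moves away from the response object: the mark has to be copied at every hand-off, or the check on the original object no longer protects anything.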