- From: Jeff Pickhardt <pickhardt@gmail.com>
- Date: Fri, 28 Feb 2020 12:22:03 -0800
- To: public-webappsec@w3.org
- Message-ID: <CA+RMjsU15DKK_xX8Zh3fZD4mM_SPDobAYBjFd7E=DQ+RkbPLnw@mail.gmail.com>

Hi subscribers to Public-WebAppSec,

I think browsers should explicitly support letting websites set trusted reference monitors in modern web applications.

So I made a proposal: https://github.com/pickhardt/js_reference_monitors

Some potential use cases:

- to monitor network requests to track, detect, and attempt to prevent data exfiltration from supply chain attacks like Magecart.
- to monitor network requests to prevent sensitive data from accidentally being sent to analytics trackers, like accidentally sending social security numbers or credit card numbers to Google Analytics.
- to implement a policy restricting content loaded on the page similar to a Content Security Policy header, but with code over configuration.
- to prevent cookies from being set before the user has given consent (GDPR).
- to prevent or warn the user before navigating away to an untrusted domain.

Let me know what you think!

Best,
Jeff

--
Jeff Pickhardt
pickhardt@gmail.com

Received on Monday, 2 March 2020 09:28:36 UTC
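
The second use case in the message above (keeping card numbers out of requests to analytics hosts) can be approximated today with a wrapper around `fetch`. This is an added example, not code from the message or from the linked proposal; `decide`, `guardFetch`, `PAYMENT_HOSTS` and the host names are hypothetical, and it assumes absolute URLs and string request bodies.

```javascript
// Added illustration: a userland monitor around fetch(). All names are hypothetical.
const PAYMENT_HOSTS = new Set(["payments.example.com"]); // constructed allowlist

// Luhn checksum: true for digit strings that are plausible card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Find runs of 13-19 digits (single spaces or dashes allowed) that pass Luhn.
function containsCardNumber(text) {
  const candidates = String(text).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")));
}

// Policy decision for one outgoing request; url must be absolute.
function decide(url, body = "") {
  const u = new URL(url);
  // Inspect decoded query values, the path and the body as separate fields.
  const payload = [...u.searchParams.values(), u.pathname, body].join("\n");
  if (containsCardNumber(payload) && !PAYMENT_HOSTS.has(u.hostname)) {
    return { allow: false, reason: `card number bound for ${u.hostname}` };
  }
  return { allow: true, reason: "ok" };
}

// Wrap a fetch implementation so every call passes through decide() first.
function guardFetch(realFetch, onDeny = () => {}) {
  return function monitoredFetch(url, init = {}) {
    const body = typeof init.body === "string" ? init.body : "";
    const verdict = decide(String(url), body);
    if (!verdict.allow) {
      onDeny(verdict, String(url)); // hook for logging or reporting
      return Promise.reject(new Error(`blocked by monitor: ${verdict.reason}`));
    }
    return realFetch(url, init);
  };
}
```

A wrapper like this only sees calls that go through it; script that kept its own reference to the original `fetch`, or that sends data by another channel, is not covered.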