- From: Maciej Stachowiak <mjs@apple.com>
- Date: Mon, 19 Dec 2005 18:01:27 -0800
On Dec 19, 2005, at 2:40 PM, Ian Hickson wrote:

>>>> "Untrusted content" is unclear. It implies the existence of
>>>> something that isn't "untrusted content", i.e. "trusted content".
>>>> Where is that defined? I do not believe it is defined anywhere, in
>>>> which case specifying its behavior seems non-useful.
>>>
>>> I have rephrased this sentence.
>>
>> I think this section is still somewhat problematic because a
>> reasonable behavior is to allow "get" posts to "file:" URLs from a
>> local file document that is not marked trusted in any special way,
>> as such a document can already do normal "file:" URL loads anyway
>> through other mechanisms.
>
> Um, they shouldn't be able to. Or at least, in many UAs they can't.

Do you know of UAs that will prevent a file: URL document from loading another file: URL in a frame or iframe? Or apply any restrictions to scripting access to the resulting document? I don't know of any that will. Form submission to a file: URL with the get method doesn't afford any new avenues of attack that this capability doesn't.

>> And this is much less risky than allowing execution of programs or
>> writing/deleting of files.
>
> Depends on what file you allow access to (/dev/mouse?)

I don't think reading /dev/mouse will specifically do anything bad, but I see your point. For file: in file: inclusion I think it would be wise to exclude certain system paths such as /dev and /etc. I think this may be done already.

Regards,
Maciej
Received on Monday, 19 December 2005 18:01:27 UTC
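
The path exclusion suggested in the message above, as an added example that is not part of the original message or of any user agent's code: a check that allows file: documents to reach file: targets except under `/dev` and `/etc`. The function names and sample URLs are hypothetical; the point shown is that the target must be decoded and normalized before the prefix comparison.

```javascript
// Added example: hypothetical policy check, not taken from any user agent.
// The denied prefixes are the two system paths named in the message.
const DENIED_PREFIXES = ["/dev", "/etc"];

// Normalized local path of a file: URL, or null if it is not a file: URL
// or contains a malformed escape.
function localPath(urlString) {
  let path;
  try {
    const url = new URL(urlString);
    if (url.protocol !== "file:") return null;
    // The URL parser resolves "." and ".." but leaves %XX escapes in place,
    // so decode before comparing against the deny list.
    path = decodeURIComponent(url.pathname);
  } catch (e) {
    return null;
  }
  // Decoding can expose new separators (%2F), so normalize segments again.
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Match whole path segments so "/etcetera" is not caught by "/etc".
function isDeniedPath(path) {
  return DENIED_PREFIXES.some((p) => path === p || path.startsWith(p + "/"));
}

// May a document load, frame, or GET-submit a form to this file: target?
// Only file: documents are allowed to reach file: targets at all.
function mayReachFileUrl(documentUrl, targetUrl) {
  const target = localPath(targetUrl);
  if (target === null || localPath(documentUrl) === null) return false;
  return !isDeniedPath(target);
}

// Constructed sample URLs.
const doc = "file:///home/u/page.html";
for (const t of ["file:///home/u/result.html?q=1", "file:///dev/mouse",
                 "file:///%65tc/passwd", "file:///home/u%2F..%2F..%2Fetc/passwd"]) {
  console.log(t, "->", mayReachFileUrl(doc, t) ? "allow" : "deny");
}
```

This compares path strings only; it does not resolve symbolic links, so a real implementation would also have to check the path the file system finally opens.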