[whatwg] Content Restrictions

On Mon, 30 Jan 2006 18:49:29 +0600, Gervase Markham <gerv at mozilla.org>  
wrote:

> I found a four-message thread:
> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
> The ideas proposed there are interesting but have the problem I outlined
> in my original message of being capabilities rather than restrictions.

See point 7 in my message:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005301.html

It's specifically targeted at keeping decent security in older browsers.  
User agents that don't support sandboxing won't execute the scripts at all.

I'm very suspicious of any security policy model that doesn't degrade  
safely. If it's anything else, it's OK to define that "older browsers will  
just ignore this". But when it's about security, the possibility of  
exceeding the defined privileges is not acceptable. With security, we  
should always keep on the safe side. If an older user agent, which is any  
of the present browsers, doesn't support the new security model, it  
shouldn't loosen the restrictions. So, if a browser can't run scripts in  
restricted mode, it shouldn't run them at all.

There is a well-known use case: blogs, wikis, forums and other web-based  
systems that allow users to enter text with markup. Many of them would like  
to allow some scripting, but because they can't tell good scripts from bad  
ones (which steal cookies, post comments on behalf of the user and do  
other nasty things), they filter out <script>...</script> completely. They  
won't benefit from the content restrictions you propose because they can't  
risk feeding unsafe content to an older browser which doesn't understand  
the restrictions.



-- 
Opera M2 8.5 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station [ICQ: 115226275] <alexey at feldgendler.ru>

Received on Monday, 30 January 2006 06:45:22 UTC
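The message above argues two things: a security mechanism must degrade safely (an agent that does not understand the restrictions must not end up with more privilege than one that does), and sites that accept user markup today cope by removing scripts outright because they cannot tell safe scripts from hostile ones. The following allowlist sanitizer, added here as an illustration and not code from the whatwg thread or any participant, shows what "keeping on the safe side" looks like when applied to that filtering step: every tag and attribute not explicitly permitted is dropped, `script` and similar elements are dropped together with their content, and `href` values are kept only for an allowlisted set of URL schemes. The tag and attribute allowlists are assumptions chosen for the example; a real deployment would tune them to its own markup.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlists are assumptions for this example; anything not listed is dropped (fail closed).
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li",
                "br", "code", "pre", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
# Elements whose *content* must vanish too, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
# URL schemes accepted in href; "" covers relative URLs. "javascript:" is not here.
SAFE_SCHEMES = {"http", "https", "mailto", ""}


class AllowlistSanitizer(HTMLParser):
    """Rebuilds untrusted HTML from an allowlist of tags and attributes.

    HTMLParser lowercases tag and attribute names and treats <script>/<style>
    bodies as raw text, so case tricks like <SCRIPT> still land in the
    drop list and script bodies never reach the output.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        # > 0 while inside an element from DROP_WITH_CONTENT; an unclosed one
        # swallows the rest of the input, which is the safe direction to fail.
        self.skip_depth = 0

    def _clean_attrs(self, tag, attrs):
        pieces = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # unknown attribute, including every on* handler: dropped
            value = value or ""
            if name == "href" and urlparse(value.strip()).scheme not in SAFE_SCHEMES:
                continue  # e.g. javascript:, data:, vbscript: are all refused
            pieces.append(f' {name}="{escape(value, quote=True)}"')
        return "".join(pieces)

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # tag dropped, its text content is still emitted (escaped)
        self.out.append(f"<{tag}{self._clean_attrs(tag, attrs)}>")

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Text is re-escaped, so a literal "<" or "&" in user text stays text.
            self.out.append(escape(data, quote=False))

    # Comments, declarations and processing instructions carry no value for
    # user content and have been abused by parsers in the past: drop them.
    def handle_comment(self, data):
        pass

    def handle_decl(self, decl):
        pass

    def handle_pi(self, data):
        pass


def sanitize(untrusted_html: str) -> str:
    """Return a version of untrusted_html containing only allowlisted markup."""
    parser = AllowlistSanitizer()
    parser.feed(untrusted_html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample of the kind of comment a forum might receive.
    sample = '<p>Hi <script>document.cookie</script>there ' \
             '<a href="javascript:alert(1)" onclick="x()">link</a></p>'
    print(sanitize(sample))
```

The design choice worth noting is the direction of failure: the sanitizer never asks "is this dangerous?", only "is this on the list?", so a tag or attribute the author never thought about is removed rather than passed through. That is the same stance the message takes toward user agents that do not understand a restriction: unknown means no privilege, not full privilege.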