[whatwg] The problem of duplicate ID as a security issue

On Wed, 15 Mar 2006 16:10:08 +0600, Ric Hardacre <whatwg at cycloid.f9.co.uk>  
wrote:

>>  Sandboxes are quite special things, so we'll need a DOMSandbox anyway.  
>> But instead of adding things like getElementById() to the DOMSandbox  
>> interface, I tend to make the "fake document" which is visible from  
>> inside the sandbox a member of the sandbox itself. The call will look  
>> like sandbox.document.getElementById().

> I think that treating <sandbox> as a document object per se may be a bit
> of overkill, from a coding perspective all it should take is for the
> implementing browser to flag a script as being contained within a
> sandbox, or not, pseudocode:
>
> documentGetElementByIdWrapper( elementID )
> {
[eaten]
> }

This is not enough. The sandboxed script can try to obtain references to
nodes outside the sandbox by traversing the chain of parentNode links. Do
you also propose to overload parentNode, nextSibling, and prevSibling
property-get functions so that they return different results to sandboxed
scripts?

I think that representing sandboxed content as a separate document is more  
straightforward from the browser design point of view. Maybe I'm wrong,  
I'm not a browser developer myself.


-- Opera M2 9.0 TP2 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]  
<alexey at feldgendler.ru>

Received on Thursday, 16 March 2006 02:44:28 UTC
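As an added illustration of the point made in this reply (example code, not from the thread or from any browser), a toy DOM tree in JavaScript: wrapping only getElementById leaves the parentNode chain open, whereas giving the sandboxed script a separate "document" made of boundary-enforcing proxies closes it. The Node class, the proxy membrane and the node ids are all constructed for this example.

```javascript
// Minimal DOM-like tree: each node has an id, a parentNode and childNodes.
class Node {
  constructor(id, children = []) {
    this.id = id;
    this.parentNode = null;
    this.childNodes = children;
    for (const c of children) c.parentNode = this;
  }
}
// Depth-first search for an id within a subtree (stands in for getElementById).
function findById(root, id) {
  if (root.id === id) return root;
  for (const c of root.childNodes) {
    const hit = findById(c, id);
    if (hit) return hit;
  }
  return null;
}
// Proposal A (criticised in the reply): only getElementById is restricted to the
// sandbox subtree; the returned node is a real node with a real parentNode.
function naiveGetElementById(sandboxRoot, id) {
  return findById(sandboxRoot, id);
}
// Proposal B: a separate sandbox document whose nodes are proxies (a membrane,
// assumed design) that cut parentNode traversal at the sandbox boundary.
function makeSandboxDocument(sandboxRoot) {
  const wrap = (node) => node === null ? null : new Proxy(node, {
    get(target, prop) {
      if (prop === 'parentNode') {
        return target === sandboxRoot ? null : wrap(target.parentNode);
      }
      if (prop === 'childNodes') return target.childNodes.map(wrap);
      return target[prop];
    },
  });
  return { getElementById: (id) => wrap(findById(sandboxRoot, id)) };
}
// Constructed page: a page-level node 'secret' beside the sandboxed subtree.
function buildTree() {
  const inner = new Node('inner');
  const sandbox = new Node('sandbox', [inner]);
  const secret = new Node('secret');
  const root = new Node('root', [secret, sandbox]);
  return { root, sandbox, secret, inner };
}
// What a sandboxed script could do with any node it holds: climb parentNode as far
// as it goes, then search everything reachable from there for 'secret'.
function reachSecretFrom(node) {
  let top = node;
  while (top.parentNode) top = top.parentNode;
  return findById(top, 'secret');
}
```

With the naive wrapper, reachSecretFrom(naiveGetElementById(sandbox, 'inner')) returns the page's 'secret' node; with the proxy document it returns null, because the proxied sandbox root reports no parentNode.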