- From: Kristof Zelechovski <giecrilj@stegny.2a.pl>
- Date: Tue, 15 May 2007 13:28:05 +0200
The OP probably meant that maintaining so many contexts would cause a comparable deterioration in performance. All user comments should be put in one security context. With all comments grouped together in such a manner, you could even use an inline frame.

Chris

-----Original Message-----
From: whatwg-bounces@lists.whatwg.org [mailto:whatwg-bounces at lists.whatwg.org] On Behalf Of Alexey Feldgendler
Sent: Tuesday, May 15, 2007 1:22 PM
To: whatwg at whatwg.org
Subject: Re: [whatwg] Sandboxing ideas

On Tue, 15 May 2007 13:02:51 +0200, Gervase Markham <gerv at mozilla.org> wrote:

>> I'd treat these two problems as equally important. A separate HTTP
>> request per forum comment on the page is completely unacceptable.

> Would you really want separate security contexts for each comment?

I wouldn't want to allow people to screw up others' comments, making it look like other users wrote what they didn't write. So, yes, it's important that any code within a comment cannot change anything but itself. This also means that the comment should be unable to change the header/footer around it to pretend that someone else wrote it.

--
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com

Received on Tuesday, 15 May 2007 04:28:05 UTC