W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2007

[whatwg] Sandboxing ideas

From: Kristof Zelechovski <giecrilj@stegny.2a.pl>
Date: Tue, 15 May 2007 13:28:05 +0200
Message-ID: <000c01c796e4$1b7857d0$1a01080a@POCZTOWIEC>
The OP probably meant that maintaining so many contexts would cause a
comparable deterioration in performance.  All user comments should be put in
one security context.
With all comments grouped together in such a manner, you could even use an
inline frame.
Chris

-----Original Message-----
From: whatwg-bounces@lists.whatwg.org
[mailto:whatwg-bounces at lists.whatwg.org] On Behalf Of Alexey Feldgendler
Sent: Tuesday, May 15, 2007 1:22 PM
To: whatwg at whatwg.org
Subject: Re: [whatwg] Sandboxing ideas

On Tue, 15 May 2007 13:02:51 +0200, Gervase Markham <gerv at mozilla.org>  
wrote:

>> I'd treat these two problems as equally important. A separate HTTP  
>> request per forum comment on the page is completely unacceptable.

> Would you really want separate security contexts for each comment?

I wouldn't want to allow people screw up others' comments, making it look  
that other users wrote what they didn't write. So, yes, it's important  
that any code within a comment cannot change anything but itself. This  
also means that the comment should be unable to change the header/footer  
around it to pretend that someone else wrote it.


-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com		
Received on Tuesday, 15 May 2007 04:28:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:55 UTC