[whatwg] Script origin tracking

On Thu, 9 Feb 2006, Alexey Feldgendler wrote:

> What you say can be implemented, though, and it has the same underlying 
> requirement as the sandboxing approach that I wrote about before: 
> origin-tracking of every piece of script code. Here are the rules. [...]

These rules, and rules like it (this is a relatively important area of 
security research), have performance characteristics that several browser 
vendors have told me are unacceptable. I think we're stuck with the 
current model, at least for the forseeable future.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 24 May 2007 15:54:21 UTC