[whatwg] The <iframe> element and sandboxing ideas

A bank sporting a site with a form encouraging the customer to enter
arbitrary HTML code would be perceived innovative indeed, albeit in the
Monty-Pythonic sense.  I can envision the logo: "The First Alternative
Reality Bank".  Hopefully, all its accounts would be run in lindendollars...
And no wonder it could afford only one employee.
Chris

-----Original Message-----
From: whatwg-bounces@lists.whatwg.org
[mailto:whatwg-bounces at lists.whatwg.org] On Behalf Of Frode Borli
Sent: Saturday, July 26, 2008 9:40 AM
To: Edward Z. Yang
Cc: whatwg at whatwg.org; ide at berkeley.edu
Subject: Re: [whatwg] The <iframe> element and sandboxing ideas

> Frode Borli wrote:
>> A bank wants an HTML-messaging system where the customer can write
>> HTML-based messages to customer support through the online banking
>> system. Customer support personnel have access to perform transactions
>> worth millions of dollars through the intranet web interface (where
>> they also receive HTML-based messages from customers).
>
> A few problems with this theoretical situation:
> 1. Why does the bank need an HTML messaging system?

Because the bank wants to be perceived as innovative by its customers?
It is not my place to question WHY somebody needs a feature. Why is
there a manufacturer logo on most cars? It isn't strictly required...

> 2. Why is this system on the same domain as the intranet web interface?

Content is submitted from the bank's public website - but customer
support handles the mails in the internal webmail system which may be
on the same domain.

> 3. Why do customer support personnel have access to the transaction
> interface?

Better question: is it good that, since HTML sanitizing cannot be done
securely, we need more employees?

If I contact my account manager, he most likely has access to perform
tasks on my account, as well as on other customers' bank accounts.

>> Security depends on a perfect sanitizer. Would you sell your
>> sanitizer to this bank without any disclaimers, and say that your
>> sanitizer will be valid for eternity and for all browsers that the
>> bank decides to use internally in the future?
> Well, it's an open-source sanitizer. But that aside, say, I was selling
> them a support contract, I would not say "valid for eternity". However,

Then we need client side sandboxing.

Received on Saturday, 26 July 2008 01:17:41 UTC