- From: Frode Børli <frode@seria.no>
- Date: Wed, 18 Jun 2008 00:58:30 +0200
2008/6/17 Kristof Zelechovski <giecrilj at stegny.2a.pl>:
> This particular explanation is irrelevant to the topic because sandboxed
> fragments can contain scripts, whether within CSS or not. The idea of
> sandboxing is to disable scripts, not to purge them.

You asked me to comment on your questions. It's obvious (when you read the discussion) that the point of sandboxing is to disable scripts. But to establish that we need sandbox, I wanted to show how difficult it is to sanitize html - and also that it can't be done in a future proof manner from the server side.

Fact: Preventing users from inserting scripts, and at the same time allowing user submitted html, is extremely difficult to do on the server side - ergo we must have sandboxing.

Method with iframe and content attribute:

1. Makes it very impractical to use sandboxing on short texts - such as an article title.
2. Impossible to have user generated content inside a <select>.
3. Makes it impossible to attach custom javascript functionality on words inside the text on the server side.
4. Graceful degradation requires two separate domain names. One for user generated content, and another for the website itself.
5. Graceful degradation requires significant programming effort on the server side. First of all, the user must be authenticated on both domain names - and each page that should display user generated content must have separate scripts to create the iframe content.

Method with <sandbox> tag, or sandbox='on' attribute:

1. Easy to use sandboxing on short texts. PHP example:

   <?php echo "<sandbox>".htmlspecialchars($title)."</sandbox>"; ?>

2. Easy to sandbox a select box.
3. Easy to attach custom javascript functionality. PHP example:

   <?php echo "<sandbox>".htmlspecialchars("User ")."</sandbox><span onclick='something'>generated</span><sandbox>".htmlspecialchars("content")."</sandbox>"; ?>

4. Graceful degradation is automatic. User inserted scripts are entity escaped, and will never execute in any browser.
5. See point 4.

Frode
Received on Tuesday, 17 June 2008 15:58:30 UTC
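Added example, not part of the message above: it generalises Frode's point 3 into a small PHP helper that splits user text around a list of site-chosen words, wraps every user-controlled segment in an entity-escaped <sandbox> element and gives only the trusted words an event handler. The <sandbox> element is the proposal discussed in this thread, not an element browsers implement; the function names, the $handler argument and the sample input are this example's own assumptions.

```php
<?php
// Escape user text and wrap it in the proposed <sandbox> element.
// ENT_QUOTES is used so the same helper stays safe if a segment is ever
// placed inside an attribute; the message's examples used the default flags.
function sandboxed(string $text): string {
    return '<sandbox>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</sandbox>';
}

// $words are trusted, site-chosen tokens that receive the click handler;
// everything else in $userText stays inside escaped, sandboxed segments.
function annotate(string $userText, array $words, string $handler): string {
    if ($words === []) {
        return sandboxed($userText);          // nothing to annotate
    }
    $quoted  = array_map(fn($w) => preg_quote($w, '/'), $words);
    $pattern = '/\b(' . implode('|', $quoted) . ')\b/';
    // PREG_SPLIT_DELIM_CAPTURE alternates: even indexes are user text,
    // odd indexes are the matched trusted words.
    $parts = preg_split($pattern, $userText, -1, PREG_SPLIT_DELIM_CAPTURE);
    $safeHandler = htmlspecialchars($handler, ENT_QUOTES, 'UTF-8');
    $out = '';
    foreach ($parts as $i => $part) {
        if ($part === '') {
            continue;
        }
        $out .= ($i % 2 === 1)
            ? '<span onclick="' . $safeHandler . '">'
              . htmlspecialchars($part, ENT_QUOTES, 'UTF-8') . '</span>'
            : sandboxed($part);
    }
    return $out;
}

// Constructed sample input: user text that carries a script tag.
$userText = 'User <script>alert(1)</script> generated content';
echo annotate($userText, ['generated'], 'highlight(this)'), "\n";
// The script tag is emitted as entities inside <sandbox>, so it is literal
// text even for a browser that does not know the element (Frode's point 4).
```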