- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Sun, 24 Jan 2010 15:09:32 -0500
On Sun, Jan 24, 2010 at 5:52 AM, Ian Hickson <ian at hixie.ch> wrote:
> What would the "sandbox" do, other than require one level of escaping?
> i.e. what is it protecting against?

<span sandbox>$something</sandbox> was meant to be more or less the same as <iframe sandbox srcdoc="$something">. The latter achieves the same effect but is cleaner and makes more sense. I must not have known about the doc="" proposal at that point, but I can't remember what I was thinking more than a month ago.

On Sun, Jan 24, 2010 at 6:19 AM, Adam Barth <whatwg at adambarth.com> wrote:
> In general, stopping malicious content from exfiltrating data isn't
> practical. For example, even including a single hyperlink is often
> sufficient to exfiltrate a large amount of data. In user agents that
> prefetch DNS, the user doesn't even need to click on the link.

DNS prefetching doesn't tell you anything except that someone viewed the link, right? And maybe what their ISP is, in a typical case. Including an image tells you their IP address, User-Agent, and so on.

How can you get any data out of a link with no DNS prefetching? Some users will click the link, but not all. Maybe quite a lot if you allow arbitrary CSS, of course . . . you could easily make the whole post a link. But "everyone who clicks on a given post for some reason" is still a lot less than "all viewers", which is what image inclusions will do.

Received on Sunday, 24 January 2010 12:09:32 UTC