Re: Copy to Clipboard - ambush and abuse by javascript

On Jun 3, 2010, at 12:48 PM, Nathan wrote:

> long term I'd love to see signed javascript widgets on the client-side (so trust is implicit and opted in to by the user, like when we 'install' an application).

I don't think that signing the widget (and corresponding signature verification by the widget installer) implies any _real_ trust between the user (who is simply clicking a button saying "install this app from XX, yes or no?") and the widget. 

In the best case, the signature was made by a company whose brand the user trusts, and the widget application code was verified reasonably well enough as to be thought of by the signer as "unlikely to be malicious". 

> 
> short term is there really anyway around this? sites could still proxy the request, even if not using XHR they could load any remote element with GET params in to the DOM and pass info that way..
> 
> The only 'real' way I can see to address this, is to get each user to verify every single HTTP request after document.onload has fired, in combination with CORS on the server side (would still need a UMP style 'Uniform-Headers' addition though [1]), and perhaps further in combination with a trusted domain/script list approach - likelihood of that happening..?

Why should someone trust a domain at all?

The point of UMP, I think, is to make the decision as to whether to authorize a request be based on specific agreement between the requesting site and the recipient, and a specific agreement between the user and the recipient, and to decouple these agreements from one another.

This makes it more difficult for such a decision to be made implicitly, based on automated actions by a piece of software which is merely acting as an agent of another piece of software in making the request. 

Regards,

- johnk

> 
> [1] http://dev.w3.org/2006/waf/UMP/#response-header-filtering
> 
> Best,
> 
> Nathan
> 
> 
>

Received on Thursday, 3 June 2010 17:11:31 UTC