<div dir="ltr">On Sat, Sep 27, 2008 at 9:43 PM, Michal Zalewski <span dir="ltr"><lcamtuf@dione.cc></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Your whack-a-mole analogy is of course true, but it applies so much more to many ongoing browser security efforts, most notably including implementing robust cross-domain DOM access security checks; hardly a simple and well-defined component by itself, and proved to be extremely complex to implement right in practice, too. Pretty much *any* effort to patch the existing design is bound to be in practice kludgy, regardless of how much text is needed to outline implementation goals.<br>
</blockquote><div> </div><div>Note that if we had option 1 (or in general way for sites to say "do not allow my resources (scripts, images, pages in IFRAMES) to be loaded cross-origin, except as I explicitly permit via Access Controls"), that would also protect such sites from holes associated with inadequate cross-domain DOM security checks.<br>
<br>Default permission of cross-domain loads is responsible for *a lot* of problems. Allowing sites to escape that would address a lot of problems, even if it is opt-in. Eventually we could hope to reach a state where all browsers support it, and most sites request it --- a much saner Web IMHO.<br>
</div></div><br clear="all">Rob<br>-- <br>"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]<br>
</div>