[whatwg] [WF2] form submission protocols and methods
Maciej Stachowiak
mjs at apple.com
Mon Dec 19 18:01:27 PST 2005
On Dec 19, 2005, at 2:40 PM, Ian Hickson wrote:
>
>>>> "Untrusted content" is unclear. It implies the existence of
>>>> something that isn't "untrusted content", i.e. "trusted content".
>>>> Where is that defined? I do not believe it is defined anywhere, in
>>>> which case specifying its behavior seems non-useful.
>>>
>>> I have rephrased this sentence.
>>
>> I think this section is still somewhat problematic because a reasonable
>> behavior is to allow "get" posts to "file:" URLs from a local file
>> document that is not marked trusted in any special way, as such a
>> document can already do normal "file:" URL loads anyway through other
>> mechanisms.
>
> Um, they shouldn't be able to. Or at least, in many UAs they can't.
Do you know of UAs that will prevent a file: URL document from
loading another file: URL in a frame or iframe? Or apply any
restrictions to scripting access to the resulting document? I don't
know of any that will. Form submission to a file: URL with the get
method doesn't afford any new avenues of attack that this capability
doesn't.
>> And this is much less risky than allowing execution of programs or
>> writing/deleting of files.
>
> Depends on what file you allow access to (/dev/mouse?)
I don't think reading /dev/mouse will specifically do anything bad,
but I see your point. For file: in file: inclusion I think it would
be wise to exclude certain system paths such as /dev and /etc. I
think this may be done already.
Regards,
Maciej
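
Added example, not part of the original message and not code from any UA: one way to apply the exclusion of system paths such as /dev and /etc suggested above to the target of a file: URL load. The function names and sample URLs are constructed for illustration, and the check is lexical only: it assumes POSIX paths and does not resolve symlinks or case-insensitive filesystems, which a real implementation would also have to handle.

```javascript
// Deny-list taken from the two paths named in the message.
const DENIED_PREFIXES = ["/dev", "/etc"];

// Collapse empty, "." and ".." segments so the comparison below is made
// against the path that would actually be opened.
function normalizeSegments(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Returns true only for file: URLs whose decoded, normalized path is
// outside every denied prefix. Anything unparseable is refused.
function isFileTargetAllowed(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return false; }
  if (url.protocol !== "file:") return false;

  // Decode before comparing: "/%65tc/passwd" names the same file as
  // "/etc/passwd", so a check on the encoded form would miss it.
  let decoded;
  try { decoded = decodeURIComponent(url.pathname); } catch { return false; }
  if (decoded.includes("\0")) return false;

  const path = normalizeSegments(decoded);

  // Match on a segment boundary so "/etcetera" is not treated as "/etc".
  return !DENIED_PREFIXES.some(
    (prefix) => path === prefix || path.startsWith(prefix + "/")
  );
}
```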