[whatwg] [WF2] form submission protocols and methods

Maciej Stachowiak mjs at apple.com
Mon Dec 19 18:01:27 PST 2005


On Dec 19, 2005, at 2:40 PM, Ian Hickson wrote:

>
>>>> "Untrusted content" is unclear. It implies the existence of
>>>> something that isn't "untrusted content", i.e. "trusted content".
>>>> Where is that defined? I do not believe it is defined anywhere, in
>>>> which case specifying its behavior seems non-useful.
>>>
>>> I have rephrased this sentence.
>>
>> I think this section is still somewhat problematic because a  
>> reasonable
>> behavior is to allow "get" posts to "file:" URLs from a local file
>> document that is not marked trusted in any special way, as such a
>> document can already do normal "file:" URL loads anyway through other
>> mechanisms.
>
> Um, they shouldn't be able to. Or at least, in many UAs they can't.

Do you know of UAs that will prevent a file: URL document from  
loading another file: URL in a frame or iframe? Or apply any  
restrictions to scripting access to the resulting document. I don't  
know of any that will. Form submission to a file: URL with the get  
method doesn't afford any new avenues of attack that this capability  
doesn't.

>> And this is much less risky than allowing execution of prgrams or
>> writing/deleting of files.
>
> Depends on what file you allow access to (/dev/mouse?)

I don't think reading /dev/mouse will specifically do anything bad,  
but I see your point. For file: in file: inclusion I think it would  
be wise to exclude certain system paths such as /dev and /etc. I  
think this may be done already.

Regards,
Maciej




More information about the whatwg mailing list