[whatwg] Sandboxing scripts: call for a wider discussion
Alexey Feldgendler
alexey at feldgendler.ru
Mon Jan 23 03:07:49 PST 2006
On Mon, 23 Jan 2006 09:14:02 +0600, Ian Hickson <ian at hixie.ch> wrote:
> Worry not, they're not being ignored. There are hundreds of good ideas
> being suggested to this list; all will be examined and responded to
> before the spec is finished. Currently the focus is on the parser
> section.
Nice to hear that.
> I agree that sandboxing is very important. There are some big problems
> with it -- how to get some level of backwards compatibility without
> exposing 99% of users to security risks,
That was in my proposal: to introduce the <safe-script> element,
safe-onclick etc. attributes, and the safe-javascript: URI scheme. These would
be ignored by older UAs, so the scripting is kept on the safe side: if
sandboxing is not supported, then scripts are not executed at all.
> how to make it possible to
> sandbox arbitrary content (that can't, e.g., do:
>
> document.write("</sandbox>");
AFAIK, document.write is not standardized anywhere at all (am I right?)
But because user agents will continue to implement document.write even if
it's not standardized, it should be somehow defined how document.write
works inside a sandbox. Because "document" is somewhat fake in the
sandbox, I think document.write("</sandbox>") should do the same as doing,
e.g., document.write("</div>") when there was no opening <div>.
But I agree there is much more to discuss to make sure it's a useful and
safe feature.
--
Opera M2 8.5 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station [ICQ: 115226275] <alexey at feldgendler.ru>
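As an added illustration of the point debated above (this is example code written for this page, not part of the original post or of any WHATWG draft): a toy model of document.write inside a hypothetical <sandbox> container. The model keeps its own stack of elements opened by the sandboxed script; an end tag that matches nothing on that stack, including "</sandbox>", is dropped and logged, exactly the way a browser treats "</div>" with no open <div>. The container name "sandbox", the SandboxWriter class, its methods and all inputs are constructed for the example; the tokenizer is deliberately simplified (start tags, end tags and text only, no entity decoding).

```javascript
// Added example, not from the original post or any WHATWG draft: a toy model
// of document.write inside a proposed <sandbox> container. End tags that match
// nothing opened by the sandboxed script (including "</sandbox>") are ignored,
// so sandboxed content cannot close the host's container. Names and inputs
// below are constructed for illustration.

const VOID_ELEMENTS = new Set(["br", "hr", "img", "input", "meta", "link"]);

class SandboxWriter {
  constructor(containerName = "sandbox") {
    // The container belongs to the host page, so it is never on the stack
    // of elements the sandboxed script is allowed to close.
    this.root = { name: containerName, attrs: "", children: [] };
    this.open = [];     // elements opened by writes, innermost last
    this.dropped = [];  // ignored end tags, useful for logging/detection
  }

  // Current insertion point: innermost open element, or the container itself.
  current() {
    return this.open.length ? this.open[this.open.length - 1] : this.root;
  }

  // Simplified tokenizer: start tags, end tags and text runs only.
  write(html) {
    const tokens = html.matchAll(/<(\/?)([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>|([^<]+)/g);
    for (const m of tokens) {
      if (m[4] !== undefined) {          // text run
        this.current().children.push(m[4]);
        continue;
      }
      const name = m[2].toLowerCase();
      if (m[1] === "/") {
        this.closeElement(name);
        continue;
      }
      let attrs = m[3].trim();
      const selfClosing = attrs.endsWith("/");
      if (selfClosing) attrs = attrs.slice(0, -1).trim();
      const node = { name, attrs, children: [] };
      this.current().children.push(node);
      if (!VOID_ELEMENTS.has(name) && !selfClosing) this.open.push(node);
    }
    return this;
  }

  closeElement(name) {
    const idx = this.open.map((n) => n.name).lastIndexOf(name);
    if (idx === -1) {
      // Nothing opened inside the sandbox has this name: the container and
      // anything above it cannot be closed from inside. Record and ignore.
      this.dropped.push(name);
      return;
    }
    // Pop down to and including the match, implicitly closing descendants
    // the way an HTML parser does.
    this.open.length = idx;
  }

  static serialize(node) {
    if (typeof node === "string") return node;   // text kept as written
    const attrs = node.attrs ? " " + node.attrs : "";
    const inner = node.children.map(SandboxWriter.serialize).join("");
    return VOID_ELEMENTS.has(node.name)
      ? `<${node.name}${attrs}>`
      : `<${node.name}${attrs}>${inner}</${node.name}>`;
  }

  // Markup of the container; its end tag is always emitted by the host.
  outerHTML() {
    return SandboxWriter.serialize(this.root);
  }
}

// Constructed input: a sandboxed script tries to close the container and
// write content "after" it; the content stays inside the sandbox.
function demo() {
  const w = new SandboxWriter();
  w.write('<p>hello</p></sandbox><b>still inside</b>');
  return { html: w.outerHTML(), dropped: w.dropped };
}

console.log(demo());
```

The `dropped` list is the hook a defender would watch: a sandboxed script emitting an end tag for the container is a clear signal of an escape attempt, and the host can count or report it without ever letting the tag take effect.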