[whatwg] Content Restrictions
Alexey Feldgendler
alexey at feldgendler.ru
Mon Jan 30 06:45:22 PST 2006
On Mon, 30 Jan 2006 18:49:29 +0600, Gervase Markham <gerv at mozilla.org> wrote:
> I found a four-message thread:
> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005294.html
> The ideas proposed there are interesting but have the problem I outlined
> in my original message of being capabilities rather than restrictions.
See point 7 in my message:
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2005-December/005301.html
It's specifically targeted at keeping decent security in older browsers.
User agents that don't support sandboxing won't execute the scripts at all.
I'm very suspicious of any security policy model that doesn't degrade
safely. If it's anything else, it's OK to define that "older browsers will
just ignore this". But when it's about security, the possibility of
exceeding the defined privileges is not acceptable. With security, we
should always keep on the safe side. If an older user agent, which is any
of the present browsers, doesn't support the new security model, it
shouldn't loosen the restrictions. So, if a browser can't run scripts in
restricted mode, it shouldn't run them at all.
There is a well-known use case: blogs, wikis, forums and other web-based
systems that allow users to enter text with markup. Many of them would like
to allow some scripting, but because they can't tell good scripts from bad
ones (which steal cookies, post comments on behalf of the user and do
other nasty things), they filter out <script>...</script> completely. They
won't benefit from the content restrictions you propose because they can't
risk feeding unsafe content to an older browser which doesn't understand
the restrictions.
--
Opera M2 8.5 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station [ICQ: 115226275] <alexey at feldgendler.ru>
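The fail-closed requirement argued above (a user agent that does not understand the restrictions must not run the scripts at all), as an added illustration that is not part of the thread: user-submitted scripts are rewritten to a script type that only a sandbox-aware user agent would recognize and run, so a legacy user agent, which executes only script types it knows, runs none of them. The type name `text/x-sandboxed-script`, the `markUserScripts` and `executionPlan` functions, and the user-agent model are assumptions for the example, not anything proposed in the thread.

```javascript
// Added example, not from the thread: models the "fail closed" requirement.
// SANDBOX_TYPE is an assumed placeholder, not a real or proposed MIME type.
const SANDBOX_TYPE = "text/x-sandboxed-script";
// Script types that every user agent, old or new, executes as JavaScript.
const JS_TYPES = new Set(["", "text/javascript", "application/javascript"]);

// Minimal scanner for <script ...>...</script>; illustrative only. Real code
// must use an HTML parser, since regexes miss many malformed-markup variants.
function findScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (let m; (m = re.exec(html)) !== null; ) {
    const t = /(?:^|\s)type\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    const type = (t ? (t[1] ?? t[2] ?? t[3]) : "").trim().toLowerCase();
    out.push({ type, body: m[2].trim() });
  }
  return out;
}

// Rewrite every user-submitted script to the sandbox type, replacing any
// type the user supplied, so a legacy user agent executes none of them.
function markUserScripts(userHtml) {
  return userHtml.replace(/<script\b([^>]*)>/gi, (_, attrs) => {
    const rest = attrs.replace(/\s+type\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "");
    return `<script type="${SANDBOX_TYPE}"${rest}>`;
  });
}

// What a user agent would execute. Legacy UA (supportsSandbox = false): runs
// only recognized JS types, unrestricted. Sandbox-aware UA: additionally runs
// SANDBOX_TYPE scripts under restrictions. Any other type is never executed.
function executionPlan(html, supportsSandbox) {
  return findScripts(html).flatMap(s => {
    if (JS_TYPES.has(s.type)) return [{ body: s.body, restricted: false }];
    if (s.type === SANDBOX_TYPE && supportsSandbox) return [{ body: s.body, restricted: true }];
    return []; // unknown type: not executed, which is the safe default
  });
}

// Constructed sample of forum input containing two user scripts.
const SAMPLE = '<p>hi</p><script>greet()</script><script type="text/javascript" defer>x()</script>';
```

Running `executionPlan(markUserScripts(SAMPLE), false)` yields no scripts at all, while the same markup in a sandbox-aware user agent yields both scripts flagged as restricted; passing the unmarked `SAMPLE` to a legacy user agent shows the fail-open case, both scripts running unrestricted.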