[whatwg] Content Restrictions
Hallvord Reiar Michaelsen Steen
hallvord at hallvord.com
Mon Jan 30 20:53:43 PST 2006
On 30 Jan 2006 at 22:57, Alexey Feldgendler wrote:
> > devil is in the detail. For example, how do you programmatically isolate
> > the outside and inside? If the outside sets a value on the inside, and
> > the inside has set a setter function on that value, how do you make sure
> > the setter runs with the right privileges?
>
> All code which is physically written inside the sandbox is restricted.
> This includes setter functions.
This is very hard to implement. AFAIK no UA's JavaScript engine has a
concept of the "origin" of a function. If any function is invoked by
a thread with higher privileges, it will run with higher privileges.
The alternative is having the UA do a security check for every
function it intends to run, and I don't see any way to avoid a
serious performance penalty there.
Caveat: I'm not a programmer, just a tester.
> > Also, how do you prevent inner "safe" script from e.g. overlaying
> > content on top of any arbitrary part of the page using absolute
> > positioning? You have to try and allocate particular bits of the page to
> > particular sandboxes. That's a nightmare.
>
> Thanks for pointing this issue out, I'll think about how to address it.
Yes, it is a serious problem.
> > I know people _want_ to do it, just as people wanted pretty coloured
> > scrollbars and so IE added a proprietary extension to CSS to allow it.
Gerv, don't you see the potential here? Come on, 50% of all blogs
will add dynamic menus! Isn't that going to be great for the web?
:-p
For the record: I think there are really good use cases for these
ideas.
Regarding SANDBOX, when I look at the discussion and points raised so
far, I sort of get the feeling that we are re-inventing IFRAME...
Hence I'm beginning to think that we should just come up with a new
attribute on IFRAME, called "sandbox" or "contentrestriction" or
something like that. That way the parent page could explicitly allow
or prevent interaction with the IFRAME.
Just a loose idea for now...
--
Hallvord Reiar Michaelsen Steen
http://www.hallvord.com/
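The setter problem raised at the top of this thread, as an added JavaScript example that is not part of the original message: an accessor planted by the sandboxed side runs on the host's call stack when the host assigns to it, and defining a data property is one way for the host to write a value without executing that code. The names makeInnerObject, hostAssignNaive and hostAssignChecked are constructed for this illustration.

```javascript
// Added example, not from the original thread: a setter that the sandboxed
// ("inner") script defined runs whenever the host ("outer") script assigns
// to that property, because the engine only knows which code is on the
// stack, not who authored the setter.

// Constructed stand-in for the sandboxed script. It hands the host an
// object and plants an accessor on the property the host is expected to set.
function makeInnerObject(log) {
  const obj = {};
  Object.defineProperty(obj, 'value', {
    configurable: true,
    enumerable: true,
    get() { return undefined; },
    set(v) {
      // Written "inside the sandbox", yet it executes on the host's call
      // stack, with whatever privileges the host happens to have.
      log.push('inner setter ran with ' + JSON.stringify(v));
    },
  });
  return obj;
}

// Naive host: a plain assignment invokes any setter found on the target
// or anywhere on its prototype chain.
function hostAssignNaive(target, v, log) {
  target.value = v;
  return log;
}

// Defensive host: define a data property instead of assigning. The
// [[DefineOwnProperty]] path never calls accessor functions; it either
// replaces a configurable accessor with plain data or throws if the inner
// side locked the property down, in which case the host records a refusal.
function hostAssignChecked(target, v, log) {
  try {
    Object.defineProperty(target, 'value', {
      value: v, writable: true, enumerable: true, configurable: true,
    });
  } catch {
    log.push('refused: "value" is a non-configurable property');
  }
  return log;
}
```

The same holds when the accessor sits on a prototype the inner side controls: assignment walks the chain and runs the setter, while defineProperty creates an own data property and bypasses it.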