[whatwg] Side effects free scripts
Mihai Sucan
mihai.sucan at gmail.com
Sat May 27 13:31:56 PDT 2006
Hello!
On Sat, 27 May 2006 19:58:28 +0300, Alexey Feldgendler
<alexey at feldgendler.ru> wrote:
> Some more thoughts on security of scripted documents.
>
> Though sandboxing, as discussed earlier on this mailing list [1], would
> be a powerful tool to ensure security of scripted documents, it's
> overkill in many situations. Analyzing typical vulnerabilities found in
> web applications, I have found that many of them are caused by the
> possibility to trick the user agent into execution of a malicious
> script. This is often achieved by including scripts in unusual places in
> user-supplied code, such as the following text in a blog comment:
>
> <span style="color:expression(...steal cookies...)">LOL!</span>
>
> If the HTML cleaner fails to strip this, too bad. Sometimes, it's more
> complex than that, but the idea is the same: put a script in some
> unexpected place. (Another example:
> style="background:url(javascript:...)".)
>
> Sandboxes would, of course, deal with this, but there is a much simpler
> measure targeted specifically at such exploits.
Yes, sandboxes are somewhat overkill, like "did the web reach this level
already?". That's something along the lines of: "do authors really need such
advanced capabilities?".
Thinking of sandboxing is like assuming viruses are already running in the
wild. However, it's better to think ahead and take precautions.
> I propose to define the notion of "side effect free script". All
> browsers which allow scripts in declarations like CSS should only allow
> side effect free scripts in such places.
>
> [...]
>
> 9. Optionally, execution time limit may be imposed on the thread, so
> that it doesn't make the document unrenderable by running an endless
> loop inside CSS expression().
Of course. I like that Gecko and Konqueror have an execution time limit. It's
important, since authors can create malicious pages that bring down the
entire browser.
> The above is very raw thoughts. I'd like to hear some feedback on the
> idea itself.
Interesting thoughts, but I don't know why I don't find myself
enthusiastic about the "side-effect free script" notion you've detailed.
Maybe something better is still needed.
--
http://www.robodesign.ro
ROBO Design - We bring you the future
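The two vectors quoted in the thread, `style="color:expression(...)"` and `style="background:url(javascript:...)"`, both rely on the HTML cleaner not looking inside CSS values. The following is an added example, not code from either poster, showing why a cleaner that merely strips those two literal strings is bypassed by CSS comments and backslash escapes, beside an allowlist-based style cleaner that normalises the value the way a lenient engine would and then keeps only properties whose whole value matches a conservative grammar. The function names, the normalisation steps and the property allowlist are assumptions chosen for illustration.

```javascript
"use strict";

// Added example, not from the original thread.
// Naive cleaner of the kind the post warns about: it removes the two literal
// substrings and nothing else, so "expr/**/ession(" and "java\script:" get through.
function naiveStripStyle(style) {
  return style.replace(/expression\(/gi, "").replace(/javascript:/gi, "");
}

// Canonicalise a style attribute the way a lenient CSS engine would before the
// allowlist is applied: strip comments, decode hex and literal backslash escapes,
// drop control characters, lowercase. (Assumed normalisation; engines differ.)
function normalizeCss(value) {
  let s = value.replace(/\/\*[\s\S]*?\*\//g, "");
  s = s.replace(/\\([0-9a-fA-F]{1,6})\s?/g, (_, hex) => {
    const cp = parseInt(hex, 16);
    return cp === 0 || cp > 0x10ffff ? "\ufffd" : String.fromCodePoint(cp);
  });
  s = s.replace(/\\(.)/g, "$1");
  s = s.replace(/[\u0000-\u001f\u007f]/g, "");
  return s.toLowerCase();
}

// Allowlist (assumed, deliberately small): property -> regex the whole value must
// match. url() is not accepted for any property, so url(javascript:...) never
// needs a special case, and expression(...) matches nothing because of the "(".
const COLOR = "#[0-9a-f]{3,6}|[a-z]+|rgb\\(\\s*\\d{1,3}\\s*,\\s*\\d{1,3}\\s*,\\s*\\d{1,3}\\s*\\)";
const SAFE_PROPS = {
  "color": new RegExp(`^(${COLOR})$`),
  "background-color": new RegExp(`^(${COLOR})$`),
  "background": new RegExp(`^(${COLOR})$`),
  "font-weight": /^(normal|bold|[1-9]00)$/,
  "font-size": /^\d{1,3}(px|pt|em|%)$/,
  "text-decoration": /^(none|underline|line-through)$/,
};

// Allowlist cleaner: returns only the declarations that are known-safe.
function sanitizeStyle(style) {
  const kept = [];
  for (const decl of normalizeCss(style).split(";")) {
    const idx = decl.indexOf(":");
    if (idx < 0) continue;
    const prop = decl.slice(0, idx).trim();
    const val = decl.slice(idx + 1).trim();
    const rule = SAFE_PROPS[prop];
    if (rule && rule.test(val)) kept.push(`${prop}:${val}`);
    // Anything else, including expression(...) and url(javascript:...), is dropped.
  }
  return kept.join(";");
}

// Constructed sample inputs: the two vectors from the thread, obfuscated the way
// a blog commenter would to get past a substring filter.
const SAMPLES = [
  "color:expr/**/ession(alert(document.cookie))",
  "background:url(java\\script:alert(1))",
  "color:#FF0000; font-weight:bold",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const s of SAMPLES) {
    console.log(`input:   ${s}`);
    console.log(`naive:   ${naiveStripStyle(s)}`);
    console.log(`allowed: ${sanitizeStyle(s)}`);
  }
}
```

The point of the allowlist is that the cleaner never has to enumerate ways of spelling `expression` or `javascript:`; a value that is not a colour, a keyword or a plain length is simply not emitted. Normalising before matching still matters, because otherwise `\63 olor` would not be recognised as `color` and the declaration would be dropped rather than kept, which is the safe direction but loses legitimate markup.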