[whatwg] Side effects free scripts
Alexey Feldgendler
alexey at feldgendler.ru
Sun May 28 02:47:05 PDT 2006
On Sun, 28 May 2006 03:31:56 +0700, Mihai Sucan <mihai.sucan at gmail.com> wrote:
>> Sandboxes would, of course, deal with this, but there is a much simpler
>> measure targeted specifically at such exploits.
> Yes, sandboxes are somehow overkill, like "did the web reach this level
> already?". That's something along the line: "do authors really need such
> advanced capabilities?".
>
> Thinking of sandboxing is like viruses are already running in the wild.
> However, it's better to think forward and take caution.
I didn't say sandboxes are overkill. The concept of sandboxing is a result
of analyzing vulnerabilities found in modern web applications, like CMS,
blogs, forums etc. They do need that level of control.
What I said is that sandboxes are a long way to go, something that probably
won't be in common use in the next several years. However, there is a
whole class of attacks which can be prevented by a much simpler measure,
and that's what I was writing about.
>> 9. Optionally, execution time limit may be imposed on the thread, so
>> that it doesn't make the document unrenderable by running an endless
>> loop inside CSS expression().
> Of course. I like that Gecko and Konqueror got the execution time limit. It's
> something important, since authors can create malicious pages which
> bring down the entire browser.
Actually, the execution time limit is somewhat out of scope, I just
mentioned it because it came to my head. The limit is useful in many other
places than those I listed, for example, for event listeners. However,
even if such a limit is not imposed, a well-designed browser won't be
taken down by an endless loop in a script: maybe the page will become
unresponsive, but other open pages will be usable.
>> The above are very raw thoughts. I'd like to hear some feedback on the
>> idea itself.
> Interesting thoughts, but I don't know why I don't find myself
> enthusiastic about the "side-effect free script" notion you've detailed.
I would insist on taking only rational arguments into account.
> Maybe something better is still needed.
Maybe someone else will offer something better.
--
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com