[whatwg] Sandboxing ideas
Alexey Feldgendler
alexey at feldgendler.ru
Tue May 15 04:22:04 PDT 2007
On Tue, 15 May 2007 13:02:51 +0200, Gervase Markham <gerv at mozilla.org>
wrote:
>> I'd treat these two problems as equally important. A separate HTTP
>> request per forum comment on the page is completely unacceptable.
> Would you really want separate security contexts for each comment?
I wouldn't want to allow people screw up others' comments, making it look
that other users wrote what they didn't write. So, yes, it's important
that any code within a comment cannot change anything but itself. This
also means that the comment should be unable to change the header/footer
around it to pretend that someone else wrote it.
--
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com
More information about the whatwg
mailing list