[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Bonner, Matt matt.bonner at hp.com
Tue Oct 7 16:17:07 PDT 2008


not speaking for HP here...

Elliotte Harold wrote:

> I don't have time to respond in detail to each of the valid points
> your raise.  I may later. However each of them can be handled in a
> different way that doesn't require third party content and mashups.
> The reason we have designed these systems this way is because it was
> quick and easy, not because it was the only way to do these tasks. 

That seems overly simplified.  Allowing links across sites creates
networks. I can link to a graph of the TED spread [1], to a real-time 
picture of the traffic on a nearby freeway and to a calendar gadget 
from three different sites because those sites are authorities for 
those topics.

Of course there's your way around all that: making local copies. But 
that brings obvious costs in network and disk usage. Also, the same-
host restriction raises the barrier to the average user making a web 
page.  And quite obviously, many companies would take umbrage if page
authors copied their contents. There are doubtless other problems w/
the same-host approach, but these are a few big ones I see.

Matt

[1] http://en.wikipedia.org/wiki/TED_spread
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4798 bytes
Desc: not available
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081007/9cdbc1da/attachment-0001.bin>


More information about the whatwg mailing list