[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
lcamtuf at dione.cc
Thu Sep 25 17:27:26 PDT 2008
On Fri, 26 Sep 2008, Robert O'Callahan wrote:
> Seems like this will create a really bad user experience. The user
> scrolling around in the outer document will make IFRAMEs in it
> mysteriously become enabled or disabled.
Well, to put this in perspective - we are talking about cross-domain
IFRAMEs only, and only a short security timeout; we could also quite
conceivably make an exception for cases where a frame is scrolled into
view as a result of the user interacting with the scroll bar, as opposed
to page scripts (some optimizations of this type are already mentioned in
the proposal). That said, yeah, there are some trade-offs and gotchas. I
do not think that bad user experience is inherent to the design, but that
does not change the fact that it's a kludge.
I am not touting option #3, or any option on that list for that matter, as
a perfect solution; in fact, they all suck for one reason or the other.
I'm hoping we can come up with something workable, though.
As noted, my greatest concern is having us pick an easy way out that
essentially delegates all responsibility for compensating for an arguably
broken design to web applications (as is the case with most of the opt-in
solutions) - web developers already face a remarkable burden here, and
tend to fail way too often - or devising a fix that cripples some less
obvious but common uses (such as gadgets / mashups, or IFRAMEd
[ Not very related, but one such example of problem shifting was the fix
that some browser vendors implemented to improve privacy, by refusing
third-party cookies. It helped with the particular problem, and seemed
insanely elegant - but also caused massive problems with certain types
of gadgets, certain authentication schemes, and a handful security
mechanisms that relied on different-origin separation to safely host
untrusted content, lacking other options. ]
More information about the whatwg