[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

[Michal Zalewski]

On Fri, 26 Sep 2008, Robert O'Callahan wrote:

> Seems like this will create a really bad user experience. The user 
> scrolling around in the outer document will make IFRAMEs in it 
> mysteriously become enabled or disabled.

Well, to put this in perspective - we are talking about cross-domain 
IFRAMEs only, and only a short security timeout; we could also quite 
conceivably make an exception for cases where a frame is scrolled into 
view as a result of the user interacting with the scroll bar, as opposed 
to page scripts (some optimizations of this type are already mentioned in 
the proposal). That said, yeah, there are some trade-offs and gotchas. I 
do not think that bad user experience is inherent to the design, but that 
does not change the fact that it's a kludge.

I am not touting option #3, or any option on that list for that matter, as 
a perfect solution; in fact, they all suck for one reason or the other. 
I'm hoping we can come up with something workable, though.

As noted, my greatest concern is having us pick an easy way out that 
essentially delegates all responsibility for compensating for an arguably 
broken design to web applications (as is the case with most of the opt-in 
solutions) - web developers already face a remarkable burden here, and 
tend to fail way too often - or devising a fix that cripples some less 
obvious but common uses (such as gadgets / mashups, or IFRAMEd 
advertisements).

[ Not very related, but one such example of problem shifting was the fix
   that some browser vendors implemented to improve privacy, by refusing
   third-party cookies. It helped with the particular problem, and seemed
   insanely elegant - but also caused massive problems with certain types
   of gadgets, certain authentication schemes, and a handful security
   mechanisms that relied on different-origin separation to safely host
   untrusted content, lacking other options. ]

Cheers,
/mz