[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
lcamtuf at dione.cc
Fri Sep 26 15:34:45 PDT 2008

On Fri, 26 Sep 2008, Elliotte Rusty Harold wrote:
> It's tongue-in-cheek that I don't expect it to be adopted or seriously
> considered (this year). It's not tongue-in-cheek in that I very much
> wish it were adopted. That is, I think it's in the realm of the
> desirable, not the possible.

Oh yup, agreed there; with current DOM manipulation capabilities, and with
the hopefully upcoming flexible, site-controlled security policies,
IFRAMEs could probably safely go away in a decade or so for most intents

> I am curious what issues you see with same origin content. They
> certainly exist, but I tend to feel those are orthogonal to the issues
> at hand, and subject for a separate discussion.

Yup, these are best addressed by introducing better security controls wrt
content sniffing, sandboxing, etc, rather than keeping IFRAMEs around.
It's just that killing IFRAMEs before these improvements are introduced
would probably do some harm.

The general problem is, let's assume my application wants to show you a
third-party gadget, a document of an unknown format sent to you in an
e-mail, or a raw HTML page that cannot be scrubbed down, or that we do not
believe we can scrub well enough (this is a very difficult task by itself,
given browser-specific HTML parsing quirks). Further assume that I want to
do it within some other, trusted UI, to offer a more intuitive and
streamlined user experience, instead of creating new minimal,
non-interactive tabs. The only way to do it right now without risking the
content gaining control of the UI is to keep it in a separate, untrusted
"sandbox" domain, and use IFRAMEs to embed the data within the UI. Quite a
few web apps adopted this approach for better or worse to implement useful
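
Added example, not part of the original message: a pre-embed check for the pattern described above, which refuses to frame content that would load in the trusted UI's own origin. The function name and all hostnames are constructed for illustration, and the parent-domain comparison is a simplification that consults no public suffix list.

```javascript
// Added example: function name and hostnames are hypothetical.
// Decide whether loading `contentUrl` in an IFRAME inside the trusted UI at
// `uiUrl` keeps the untrusted content in a different origin than the UI.
function checkFrameIsolation(uiUrl, contentUrl) {
  const ui = new URL(uiUrl);
  let content;
  try {
    // Resolve relative references against the UI URL, as a browser would.
    content = new URL(contentUrl, ui);
  } catch (e) {
    return { embed: false, reason: "unparseable URL" };
  }
  // Only http(s) documents are accepted; javascript:, data:, about: and
  // similar schemes are refused outright rather than reasoned about.
  if (content.protocol !== "http:" && content.protocol !== "https:") {
    return { embed: false, reason: "non-http(s) scheme" };
  }
  // URL.origin normalises host case and default ports, so the comparison is
  // on the (scheme, host, port) tuple the same-origin policy uses.
  if (content.origin === ui.origin) {
    return { embed: false, reason: "same origin as trusted UI" };
  }
  // Cross-origin, but hosts under a shared parent domain can still share
  // parent-scoped cookies and relax isolation through document.domain.
  // Assumption: the parent is approximated by the last two host labels.
  const parent = (host) => host.split(".").slice(-2).join(".");
  if (parent(content.hostname) === parent(ui.hostname)) {
    return { embed: true, reason: "cross-origin, shared parent domain" };
  }
  return { embed: true, reason: "cross-origin, separate domain" };
}
```
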