[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Robert O'Callahan robert at ocallahan.org
Fri Sep 26 20:49:54 PDT 2008

On Sat, Sep 27, 2008 at 3:17 PM, Richard's Hotmail <maher_rj at hotmail.com> wrote:

> https://jdk6.dev.java.net/plugin2/
> http://weblogs.java.net/blog/joshy/archive/2008/05/java_doodle_cro.html

We have a W3C spec for the latter called Access Controls, which is a good
deal more secure than Java/Flash's crossdomain.xml.

Anyway, the fact that Java is evolving some sort of cross-domain capability
doesn't help make the argument that the Java 1.0 same-origin sandbox model
is an adequate solution to everything.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah