[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Elliotte Harold elharo at metalab.unc.edu
Fri Sep 26 22:41:30 PDT 2008

Robert O'Callahan wrote:

> You're saying Java's security model is adequate for what people want to 
> do on the Web. I say that is unproven since people are not using Java on 
> the Web. *Why* they are not using Java on the Web is irrelevant.

Java's security model is absolutely adequate for what people want to do 
on the Web. Given sufficient time and resources you could write a fully 
featured web browser that ran as an applet. (Not much point but it could 
be done.) The one fundamental problem you'd hit would be the inability 
to load content from a host other than the server the applet came from. 
If we allow different windows for different pages, there's nothing an 
applet can't do. (They're a few things it wouldn't do very efficiently, 
but that;s another story.)

People want to get pictures, text, and other media from the web. People 
want to play games and use some apps. Users don't care where the media 
is loaded from. If it can be loaded form a single server, then the 
users' needs are met.

I see no genuine user use cases that require multisite access within a 
single page. That's a sometimes convenient feature for site developers, 
but there's nothing you can do with content loaded from two sites you 
can't do with content loaded from one.

There might be ways to give clients more control over what they load and 
see so that the *client* can choose to load and merge content from 
several different hosts, but that's exactly what's being avoided here. 
Web standards and even more so web software has consistently favored the 
needs of the server over the needs of the client. That's why we still 
have way too many sites trying to control how their users consume and 
view content.

I challenge anyone to demonstrate a single multisite web page that 
cannot be reproduced as a single-site page. Do not confuse details of 
implementation with necessity. Just because we sometimes put images, 
ads, video, tracking scripts, and such on different sites doesn't mean 
we have to. The web would be far more secure if we locked this down, and 
simply made multisite pages impossible.

Elliotte Rusty Harold  elharo at metalab.unc.edu
Refactoring HTML Just Published!

More information about the whatwg mailing list