[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
elharo at metalab.unc.edu
Fri Sep 26 22:41:30 PDT 2008
Robert O'Callahan wrote:
> You're saying Java's security model is adequate for what people want to
> do on the Web. I say that is unproven since people are not using Java on
> the Web. *Why* they are not using Java on the Web is irrelevant.
Java's security model is absolutely adequate for what people want to do
on the Web. Given sufficient time and resources you could write a fully
featured web browser that ran as an applet. (Not much point but it could
be done.) The one fundamental problem you'd hit would be the inability
to load content from a host other than the server the applet came from.
If we allow different windows for different pages, there's nothing an
applet can't do. (They're a few things it wouldn't do very efficiently,
but that;s another story.)
People want to get pictures, text, and other media from the web. People
want to play games and use some apps. Users don't care where the media
is loaded from. If it can be loaded form a single server, then the
users' needs are met.
I see no genuine user use cases that require multisite access within a
single page. That's a sometimes convenient feature for site developers,
but there's nothing you can do with content loaded from two sites you
can't do with content loaded from one.
There might be ways to give clients more control over what they load and
see so that the *client* can choose to load and merge content from
several different hosts, but that's exactly what's being avoided here.
Web standards and even more so web software has consistently favored the
needs of the server over the needs of the client. That's why we still
have way too many sites trying to control how their users consume and
I challenge anyone to demonstrate a single multisite web page that
cannot be reproduced as a single-site page. Do not confuse details of
implementation with necessity. Just because we sometimes put images,
ads, video, tracking scripts, and such on different sites doesn't mean
we have to. The web would be far more secure if we locked this down, and
simply made multisite pages impossible.
Elliotte Rusty Harold elharo at metalab.unc.edu
Refactoring HTML Just Published!
More information about the whatwg