[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Hallvord R M Steen hallvors at gmail.com
Mon Sep 29 05:54:45 PDT 2008

2008/9/29 Michal Zalewski <lcamtuf at dione.cc>:
> I definitely like the "Origin" proposal the most of all the opt-in schemes,
> simply because it permits trusted domains to be whitelisted for many
> applications that rely on same-origin separation to implement security
> sandboxes.
> It still completely ignores the question of how we protect gadgets / mashups
> / whatever that are *designed* to be embedded on potentially untrusted
> sites, but depend on having the integrity of their UIs preserved

After giving this quite some thought over the weekend, my conclusion
is that this basically isn't doable - simply because it is a UI issue;
UI is all about communicating to end users, and the likelihood of
finding a solution that communicates the complexity of this in a way
users will understand is practically 0. The idea I liked most was a
sort of "automatically raise IFRAMEs to topmost z-index when focused"
combined with some way to temporarily flash the address - but IMO it's
not doable because we'll mess up the UI of existing solutions in
unexpected ways, and users don't understand URLs and have quite a
fuzzy understanding of the basic "different site" concept.

I know where you are coming from and hope a UI genius proves me wrong. :)

Hallvord R. M. Steen
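As an added example (not from this thread and not any browser's or site's own code), the whitelist check behind the opt-in "Origin"-style proposal Michal refers to above, modelled as a pure function that a framed document could evaluate against the origins of its ancestor frames. The policy syntax (`self`, `*`, explicit origins) and the function names are assumptions made for illustration; the `*` case corresponds to the "gadget designed to be embedded anywhere" situation the thread notes such a scheme does not protect.

```javascript
// Model of an opt-in, origin-whitelist defence against UI redress (clickjacking).
// Hypothetical policy format (not from the thread): whitespace-separated origins,
// plus the keywords 'self' (only same-origin embedding is allowed) and '*' (any
// embedder is allowed, i.e. a gadget that opts out of framing protection entirely).

// Canonicalise an origin string: scheme://host[:port], default ports dropped.
function normalizeOrigin(s) {
  return new URL(s).origin;
}

// Parse the policy into a set of allowed embedding origins (and an "any" flag).
function parsePolicy(policy, ownOrigin) {
  const allowed = new Set();
  let any = false;
  for (const token of policy.trim().split(/\s+/).filter(Boolean)) {
    if (token === '*') any = true;
    else if (token === 'self') allowed.add(normalizeOrigin(ownOrigin));
    else allowed.add(normalizeOrigin(token));
  }
  return { any, allowed };
}

// ancestorOrigins: origins of every frame between this document and the top
// window (innermost first); an empty list means the document is top-level.
// Every ancestor must be whitelisted: if only the direct parent were checked, a
// trusted partner page could itself be framed by an untrusted page and the
// trusted page's UI (and ours inside it) would still be redressable.
function mayBeFramed(policy, ownOrigin, ancestorOrigins) {
  if (ancestorOrigins.length === 0) return true; // nothing above us to redress
  const { any, allowed } = parsePolicy(policy, ownOrigin);
  if (any) return true;
  return ancestorOrigins.every((a) => allowed.has(normalizeOrigin(a)));
}

// Constructed sample evaluation: a page that trusts itself and one partner.
const samplePolicy = 'self https://partner.example';
console.log(mayBeFramed(samplePolicy, 'https://bank.example',
  ['https://partner.example']));                          // true
console.log(mayBeFramed(samplePolicy, 'https://bank.example',
  ['https://partner.example', 'https://other.example'])); // false (untrusted top)
```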