[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Robert O'Callahan robert at ocallahan.org
Mon Sep 29 16:32:30 PDT 2008

On Tue, Sep 30, 2008 at 12:09 PM, Michal Zalewski <lcamtuf at dione.cc> wrote:

> On Tue, 30 Sep 2008, Robert O'Callahan wrote:
>> If the chat gadget is configured to only talk to the site owner, how can
>> it be abused? I suppose the site owner can discover the chat nick of a
>> visitor who otherwise wouldn't want to disclose it. That's a risk that
>> the chat system developers might very well be willing to accept.
> Assume you are logged in with Facebook, Google, or any other "common" party
> that provides general chat / calendar services or anything of that kind; and
> let's say this party permits site operators to embed a gadget that shows every
> visitor a schedule of events advertised on a page overlaid on top of the
> visitor's schedule (with the option to add these to your calendar, or edit
> your calendar data - it does not have to be read-only);

I don't see what's so terrible about showing the user's calendar and the
overlaid events inline, and having the "Add to Calendar" button open a new
page for confirmation. Note that GMail's "add to Google Calendar"
functionality already takes me to a new tab for confirmation, even though
presumably Google could avoid that if they wanted to.

> or gives you the opportunity to chat, review and annotate documents, or
> otherwise collaborate with site owners using similar facilities provided by
> the gadget operator in their third-party domain, in your capacity as the user
> logged in with said services.

If these services are limited to specific chat channels or documents that
are associated with the site owner (which can be ensured by the gadget
operator), then I don't see a problem; site owner "UI redress" would be

>>> That's a terrible user experience, by most accounts, and goes against the
>>> concept of a gadget; I believe it is often avoided at all costs except
>>> when absolutely necessary (e.g., login, where the user needs the
>>> opportunity to verify URL, SSL status, etc).
>> Maybe we can make it a better user experience, for example, by allowing
>> the new window/tab to appear as a new pane at the top or bottom of the
>> existing tab. That would nicely handle your chat example, IMHO.
> Possibly.

Think it over :-)

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
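The mitigation Robert proposes above, as an added example that is not part of the thread or of any real gadget: an embedded calendar gadget keeps read-only rendering inline, but when it detects it is running inside a frame it routes every state-changing action through a new top-level confirmation page, where the user can see the URL and TLS indicator. The origin, path, action names and `planAction`/`runAction` helpers are all hypothetical.

```javascript
// Hypothetical gadget operator origin and confirmation page (not from the thread).
const GADGET_ORIGIN = "https://gadget.example";
const CONFIRM_PATH = "/calendar/confirm";

// Actions that only display data are safe to run inline even when framed;
// anything that edits the user's calendar must be confirmed top-level.
const READ_ONLY_ACTIONS = new Set(["view", "overlay"]);

// Pure policy decision: given an action and the execution context
// ({ framed, eventId }), return how the gadget should carry it out.
function planAction(action, ctx) {
  if (READ_ONLY_ACTIONS.has(action) || !ctx.framed) {
    // Read-only, or already top-level where the address bar is the user's own.
    return { mode: "inline", action };
  }
  // Embedded in a site owner's page: the button may be overlaid or disguised,
  // so defer the decision to a new top-level page identified by event id.
  const url = new URL(CONFIRM_PATH, GADGET_ORIGIN);
  url.searchParams.set("action", action);
  url.searchParams.set("event", ctx.eventId);
  return { mode: "top-level-confirm", action, url: url.toString() };
}

// Derive the context from a window-like object; framed when top !== self.
function detectContext(win, eventId) {
  return { framed: win.top !== win.self, eventId };
}

// Browser wiring: act on the plan. `win` is passed in so it can be faked.
function runAction(action, eventId, win) {
  const plan = planAction(action, detectContext(win, eventId));
  if (plan.mode === "top-level-confirm") {
    // noopener: the embedding page gets no handle to the confirmation window.
    win.open(plan.url, "_blank", "noopener");
  }
  return plan;
}
```

In a real gadget, `runAction` would be wired to the button's click handler with `window` as the last argument.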