Hi, just joined the list and making a small note in reply to this thread:

On Wednesday, June 27, 2012 7:19:13 PM UTC-7, Boris Zbarsky wrote:
> On 6/27/12 6:49 PM, Robert O'Callahan wrote:
>> <iframe sandbox> and CSP can't actually dynamically change the origin of a
>> document, can they? If they can we'd better fix that before it's too late
>> :-).
> The proposal to do sandboxing via CSP and the fact that you can put your
> CSP into a <meta> tag mean that you can in fact dynamically change the
> origin of a document, from whatever origin it had to a null principal,
> when said <meta> tag is parsed. Devdatta is implementing that right now...
> I do think it's somewhat daft, but people really want to do sandboxing
> via CSP....

The current thinking after discussion with Dev and Dan Veditz is that sandboxing via CSP in a <meta> tag won't be allowed. Ian Hickson has also stated the spec actually implies this, since it says that any changes to sandboxing only take effect on the next navigation, making sandboxing in <meta> CSP a no-op.

There are also some concerns about CSP via <meta> in general, since an injection means an attacker can affect the behavior of a page in unexpected ways if they can inject a new CSP (modulo the restrictions imposed by the intersection logic).

Also, in general, I'm pretty curious about Servo's process model and its security architecture; maybe that's best discussed in a new thread though (I really need to take some time to understand Rust better as well). My particular interest is in how Servo relates to the process sandboxing project I'm working on and any ideas around what Servo's possible add-on model might be. Servo is often proposed as a solution to the needs driving the sandboxing project, but it seems there will still be unsafe, possibly exploitable code in certain parts of it.

thanks,
ian

_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
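The "intersection logic" the message above refers to is the rule that when several CSPs apply to a document (for example one from the HTTP header and one from an injected <meta> tag), a load must be allowed by every policy, so a second policy can only tighten what is already allowed, never loosen it. The following is an added example written for this note; it is not code from the original post, from Gecko or from Servo. It is a deliberately simplified model: origins are compared as scheme-less host strings, only 'none', 'self', '*' and plain host sources are handled, and a <meta>-delivered policy drops the directives (sandbox, frame-ancestors, report-uri) that CSP says are ignored in <meta>. The page and CDN hosts in it are made up.

```javascript
// Simplified model of how a user agent enforces several CSPs at once.
// Added illustration only; not browser source. See the lead-in for assumptions.

const META_IGNORED_DIRECTIVES = new Set(['sandbox', 'frame-ancestors', 'report-uri']);

// Parse one serialized policy into { source, directives: Map<name, string[]> }.
// Directives that CSP ignores in <meta> are dropped when source === 'meta'.
function parsePolicy(text, source) {
  const directives = new Map();
  for (const chunk of text.split(';')) {
    const tokens = chunk.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (source === 'meta' && META_IGNORED_DIRECTIVES.has(name)) continue;
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  return { source, directives };
}

// Does one source expression match a candidate origin? (host comparison only)
function sourceMatches(expr, origin, pageOrigin) {
  if (expr === "'none'") return false;
  if (expr === '*') return true;
  if (expr === "'self'") return origin === pageOrigin;
  if (expr.startsWith("'")) return false; // other keywords, nonces, hashes: not modelled
  const stripScheme = (s) => s.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '');
  const host = stripScheme(origin);
  const pattern = stripScheme(expr);
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1)); // "*.example.com"
  return host === pattern;
}

// One policy allows a load if the governing directive (falling back to
// default-src) lists a matching source, or if the policy is silent about it.
function policyAllows(policy, directive, origin, pageOrigin) {
  const list = policy.directives.get(directive) ?? policy.directives.get('default-src');
  if (list === undefined) return true;
  return list.some((expr) => sourceMatches(expr, origin, pageOrigin));
}

// The intersection rule: every policy in force must allow the load.
// A later (e.g. injected <meta>) policy can therefore only restrict.
function allowedByAll(policies, directive, origin, pageOrigin) {
  return policies.every((p) => policyAllows(p, directive, origin, pageOrigin));
}

// Constructed scenario: a legitimate header policy, an attacker-injected <meta>
// that tries to blank the page and sandbox it, and a <meta> that tries to loosen.
function demo() {
  const page = 'https://app.example.com';
  const header = parsePolicy("default-src 'self'; script-src 'self' https://cdn.example.com", 'header');
  const injectedMeta = parsePolicy("default-src 'none'; sandbox", 'meta');
  const looseningMeta = parsePolicy('script-src *', 'meta');
  return {
    cdnAllowedByHeader: allowedByAll([header], 'script-src', 'https://cdn.example.com', page),
    cdnAfterInjection: allowedByAll([header, injectedMeta], 'script-src', 'https://cdn.example.com', page),
    selfAfterInjection: allowedByAll([header, injectedMeta], 'script-src', page, page),
    evilWithLoosening: allowedByAll([header, looseningMeta], 'script-src', 'https://evil.example', page),
    sandboxKeptFromMeta: injectedMeta.directives.has('sandbox'),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The injected default-src 'none' blocks the page's own scripts (the attacker-affects-behaviour concern in the message), the injected sandbox directive is discarded rather than re-origining the document, and script-src * in a <meta> cannot admit a host the header policy already excludes.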