On Thu, Sep 10, 2009 at 3:32 PM, Adam Barth <[email protected]> wrote:
>
> On Thu, Sep 10, 2009 at 3:11 PM, Darin Fisher <[email protected]> wrote:
> > Yeah, whatever problems we have with view-net-internal, we must have with
> > view-cache. Before making a change, we should understand why view-cache
> > hasn't been a problem. Or, has it?
>
> It's not as concrete as having a vulnerability or not. Every time we
> add a new scheme, we increase the attack surface and add complexity to
> our security logic. For example, chrome: has the noAccess bit set,
> which mitigates XSS on chrome: pages. I suspect we didn't remember to
> set the noAccess bit on view-net-internal. Of course we could enable
> that particular mitigation in this particular case, but it's a parade
> of paper cuts.
>
> Unless there's a tangible benefit to using a new scheme, it's probably
> not worth the cost.
>
> Adam
>
It's a good argument. So long as we arrive at a solution that allows us to still have the bulk of the implementation (for these special pages) live in the net/ module, I'm happy with changing them over to chrome:// URLs.

-Darin

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: [email protected]
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
