> Javascript can be controlled by being recompiled into the Caja subset
> of javascript.

I've been thinking along these lines, all right. So what functions of Javascript are nonessential to the concept of a "rich webapp" but useful for abuse and fingerprinting? If you could strip JS down to a set of awesome functions that reduce the abuse potential, what stuff would you strip out?

A lot of the nasty stuff isn't even JS engine stuff, it's DOM stuff from the browser being made available to JS, so it's not entirely linguistic. A lot of it's bad API, probably much harder to fix. Still, reduced-set JS, with an in-browser standard for verifying signed JS code, would be great. I'm often boggled when I think this over that RMS forgot to include code signing in his suggestion for how to mark up non-trivial JS with source code and license text; I figured "code verification" would be a crucial part of the Free Software philosophy when it comes to drive-by code.

Another crucial change I'd like to see: immutable javascript. When including a script with the <script> tag, there should be an attribute "immutable=true" and another saying "opaque=true" that prevents *code in the page* from reading or modifying that script, while not preventing the user from reading or auditing the code. Ability of dynamically included/injected JS to fuck up or spy on other JS on the page is the principal reason that you can't trust JS-crypto even if you trust the host.

On Tue, 15 Oct 2013 21:51:46 +1000
"James A. Donald" <[email protected]> wrote:

> On 2013-10-15 19:54, Cathal Garvey wrote:
> >> with folks that refuse to run JavaScript
> > Not "JavaScript"; "Unverified, potentially malicious code with a
> > rich history of exploits inside a frame I use to navigate the online
> > world". It wouldn't matter if the code was LISP or Python; the
> > problem isn't the language, it's the context.
> >
> > That said, I do run Javascript, albeit through NoScript. I just wish
> > there were more fine-grained policy restrictions I could place on
> > it, such as "No XmlHttpRequest/Websocket" or "No browser
> > introspection (fonts, boundaries, etc.)", and let webapps that are
> > trying to fingerprint me without my permission just crash and burn.
>
> Javascript can be controlled by being recompiled into the Caja subset
> of javascript.
>
> In practice, however, this is only done when a server controlled by
> one organization is generating a web page containing javascript
> controlled by another organization - Caja is used to protect one
> website against another, but not used to protect the client against
> the website.