On 6/19/14 11:46 AM, Chris Karlof wrote:
>
> Ryan, we can keep framed content secure from the rest of the page.

Yeah, iframes provide isolation of the code and secrets, but not necessarily the UI. You described clickjacking, plus there's the usual trusted-path problem: if this iframe is asking for user password input, does the user have a good way to know who they're revealing their secrets to? A lot of the existing frameable mutually-suspicious-origin resources are using stored credentials, not asking for new ones.

It seems to me that the trusted-UI problem requires something clearly outside the content area: either a separate app, or some popup / dropdown that is obviously coming from the OS/Browser as opposed to the web page that's asking for access. This could be OS-level support (like the Android account manager), or some kind of sign-in-to-the-browser thing, or a separate tab with a way to display the origin.

cheers,
 -Brian
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct

