Hello @ all
While writing my thesis about security in web2.0 i have implemented the
Module-Tag from Douglas Crockford. It enables a site to communicate with
embedded widgets while preventing the widget from manipulating the site.
In order to make some use of this Firefox-Extension, i published the
code at [addons.mozilla.org/de/firefox/addon/10090]. This extension
works with frames, because of the use of the Same-Origin-Policy to
separate site and widget from each other. An interface provides the
functionality to send messages from the site to the widget and backwards.
The goal is to discuss the Module-Tag and its usefulness to modern web
security especially while using widgets.
I would like to ask for opinions about the Module-Tag and my
implementation of it. I couldn't find any alternative extensions or
projects with the same security service,so i think this will be a very
useful one to everybody.
Basti
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
