Boris Zbarsky wrote:
On 8/1/13 4:27 PM, Brendan Eich wrote:
Ok, but Hixie was contrasting with a process-isolated implementation.
Hixie is suggesting process-isolating iframes that are not same-origin
to start with and can't be made same-origin via document.domain.
He is not suggesting process-isolating iframes which might ever become
same-origin.
So his proposed implementation gives good defence in depth for things
that are completely different origins and always will be, but does
nothing for protecting mail.google.com from calendar.google.com, say,
compared to the current situation.
For those two to join origins, they'd need to be reachable, which means
loaded in related window/iframe(s) and/or visible by the ancestor-rule
to window.open. So that helps a bit -- disjoint constellations that
cannot be connected can be process-isolated from the get-go, even if
their origins are subdomains of a common super-origin.
I'm not sure what the threat is, if any. Still seems kind of hinky.
As a spec, it indeed looks like pave-the-whack-a-mole-paths. Can we do
better? My attempt to throw a net over Apple and Microsoft folks here
has so far caught no fish. :-P
/be