Hello Jasvir, Yes, I am talking about taming. Taming is what I guess I am asking for since SSL only protects the webstorage apis partially.
I think maybe if a new taaming system would be developed for webstorage it would be really good to see. On Jul 7, 2:50 am, ๏̯͡๏ Jasvir Nagra <[email protected]> wrote: > I don't think I understand the question. Webstorage apis like localstorage > and sessionStorage are exposed via javascript apis. A container using caja > can expose access to these api or attenuate access to it. This is called > taming. Caja doesn't provide a default taming for webstorage. Is this what > you are asking for? > > If so, I don't understand how SSL fits into your question. The security > model for webstorage apis are based on same-origin making them vulnerable to > spoofing attacks. This is only partially mitigated by SSL and certainly > doesn't help for the use case for which Caja is intended where third party > code is being served on the same domain as container code. > > > > On Tue, Jul 6, 2010 at 10:40 PM, Eric Dorman <[email protected]> wrote: > > Is there any work being done on securing the HTML 5 Localstorage > > feature like for example implementing an SSL Model into the new > > system. ;p
