On Sun, 1 Jul 2001, Stuart Ballard wrote:
> > >
> > > The reason I ask is that, based on other subthreads here, it looks like
> > > we want to move to a model where XBL rules added through html.css are
> > > trusted.
> >
> > Ok... (We had better make sure none of the methods of those bindings do
> > anything dodgy, btw!)
>
> Well, the bindings themselves would be code written by mozilla.org so we
> can trust them as much as any other code[1].
The point is the bindings are exposed to script, so they musn't do
anything exploitable. Just like the 'window' object musn't have any
methods that shouldn't be called by untrusted script, etc.
Again, I'm not a security person, I could be talking nonsense...
> Good! This is the answer I wanted to hear - that you already care
> about this, even without the additional importance caused by the
> proposed change.
Totally. UA and user stylesheets must not be accessable by untrusted
script. It is very much an issue.
--
Ian Hickson )\ _. - ._.) fL
Netscape, Standards Compliance QA /. `- ' ( `--'
+1 650 937 6593 `- , ) - > ) \
irc.mozilla.org:Hixie _________________________ (.' \) (.' -' __________
