Hixie recently mentioned to me the following paper from UC Berkeley that
includes some analysis of the Web Storage [webstorage] and HTML5 Web
Messaging [webmessaging] specs.
The Abstract:
[[
http://www.eecs.berkeley.edu/~sch/w2sp2010ena.pdf
Several new browser primitives have been proposed to meet the demands
of application interactivity while enabling security. To investigate
whether applications consistently use these primitives safely in
practice, we study the real-world usage of two client-side primitives,
namely postMessage and HTML5's client-side database storage. We examine
new purely client-side communication protocols layered on postMessage
(Facebook Connect and Google Friend Connect) and several real-world web
applications (including Gmail, Buzz, Maps and others) which use client-side
storage abstractions. We find that, in practice, these abstractions
are used insecurely, which leads to severe vulnerabilities and can
increase the attack surface for web applications in unexpected ways. We
conclude the paper by offering insights into why these abstractions can
potentially be hard to use safely, and propose the economy of
liabilities principle for designing future abstractions. The principle
recommends that a good design for a primitive should minimize the
liability that the user undertakes to ensure application security.
]]
I mention this in case this article identifies issues the specs should
or must address.
-Art Barstow
[webstorage] http://dev.w3.org/html5/webstorage/
[webmessaging] http://dev.w3.org/html5/postmsg/
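Added illustration, not part of the message above nor code from the cited paper: the origin checks that postMessage leaves to the application, which is the kind of "liability" the abstract refers to. The allowlist, the sample origins and the MessageEvent-shaped objects are constructed for this example; it runs under Node without a browser.

```javascript
// Receiver side: accept a message only if event.origin is on an explicit
// allowlist. The Web Messaging spec delivers the message to whoever holds a
// reference to the window; deciding whether to trust it is left to the page.
function makeMessageHandler(allowedOrigins, onMessage) {
  const allowed = new Set(allowedOrigins);
  return function handle(event) {
    if (!allowed.has(event.origin)) {
      return { accepted: false, reason: 'origin not allowed' };
    }
    // Even from an allowed origin, treat data as untrusted input: parse it
    // defensively rather than eval-ing it or writing it into the DOM.
    let parsed;
    try {
      parsed = JSON.parse(event.data);
    } catch (e) {
      return { accepted: false, reason: 'malformed message' };
    }
    if (typeof parsed !== 'object' || parsed === null || typeof parsed.type !== 'string') {
      return { accepted: false, reason: 'unexpected shape' };
    }
    onMessage(parsed);
    return { accepted: true, message: parsed };
  };
}

// Sender side: always name the intended targetOrigin. A wildcard '*' hands
// the payload to whatever document currently occupies the target window,
// which need not be the page that was there when the reference was taken.
function sendMessage(targetWindow, payload, targetOrigin) {
  if (targetOrigin === '*' || !/^https?:\/\/[^/]+$/.test(targetOrigin)) {
    throw new Error('refusing to post without a specific target origin');
  }
  targetWindow.postMessage(JSON.stringify(payload), targetOrigin);
  return targetOrigin;
}

// Constructed sample events standing in for what a browser would deliver
// (hypothetical origins, not from the paper).
const sampleEvents = [
  { origin: 'https://app.example', data: '{"type":"login","user":"alice"}' },
  { origin: 'https://attacker.example', data: '{"type":"login","user":"mallory"}' },
  { origin: 'https://app.example', data: 'not json' },
];

function runSamples() {
  const seen = [];
  const handle = makeMessageHandler(['https://app.example'], (m) => seen.push(m.type));
  return { results: sampleEvents.map(handle), seen };
}
```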