Re: [whatwg] The choice of script global object to use when the script element is moved

On Wed, 2 Feb 2011, Henri Sivonen wrote: > On Feb 2, 2011, at 03:07, Ian Hickson wrote: > > > I suppose we could make it so that scripts get neutered when the document > > that they were first associated with gets unloaded. Would that work? > > We did something different. > > > Proposal #1: >

Re: [whatwg] The choice of script global object to use when the script element is moved

On Wed, Feb 2, 2011 at 5:48 AM, Henri Sivonen wrote: > On Feb 2, 2011, at 03:07, Ian Hickson wrote: > >> I suppose we could make it so that scripts get neutered when the document >> that they were first associated with gets unloaded. Would that work? > > We did something different. > >> Proposal #

Re: [whatwg] The choice of script global object to use when the script element is moved

On Feb 2, 2011, at 03:07, Ian Hickson wrote: > I suppose we could make it so that scripts get neutered when the document > that they were first associated with gets unloaded. Would that work? We did something different. > Proposal #1: Proposal #4 (what Gecko now does): * If at the time when

Re: [whatwg] The choice of script global object to use when the script element is moved

On Thu, 9 Sep 2010, Henri Sivonen wrote: > On Sep 9, 2010, at 00:47, Ian Hickson wrote: > > On Fri, 3 Sep 2010, Henri Sivonen wrote: > >> > >> When evaluating a parser-inserted script, there are three potential > >> script global objects to use: > >> > >> 1) The script global object of the docume

Re: [whatwg] The choice of script global object to use when the script element is moved

On Sep 9, 2010, at 00:47, Ian Hickson wrote: > On Fri, 3 Sep 2010, Henri Sivonen wrote: >> >> When evaluating a parser-inserted script, there are three potential script >> global objects to use: >> 1) The script global object of the document whose active parser the parser >> that inserted the s

Re: [whatwg] The choice of script global object to use when the script element is moved

On Fri, 3 Sep 2010, Henri Sivonen wrote: > > When evaluating a parser-inserted script, there are three potential script > global objects to use: > 1) The script global object of the document whose active parser the parser > that inserted the script is. > 2) The script global object of the docum

Re: [whatwg] The choice of script global object to use when the script element is moved

On Wed, Sep 8, 2010 at 2:24 AM, Anne van Kesteren wrote: > On Wed, 08 Sep 2010 11:20:30 +0200, Adam Barth wrote: >> >> The goal of AllowedScripts is not to limit a privilege to a subset of >> an origin.  Rather, the goal is to prevent an attacker who can inject >> markup into a document from exec

Re: [whatwg] The choice of script global object to use when the script element is moved

On Wed, 08 Sep 2010 11:20:30 +0200, Adam Barth wrote: The goal of AllowedScripts is not to limit a privilege to a subset of an origin. Rather, the goal is to prevent an attacker who can inject markup into a document from executing script. Put another way, if you're already executing script, th

Re: [whatwg] The choice of script global object to use when the script element is moved

On Wed, Sep 8, 2010 at 2:10 AM, Anne van Kesteren wrote: > On Tue, 07 Sep 2010 22:57:27 +0200, Adam Barth wrote: >> It sounds like CSP is creating sub-origin privileges.  Sub-origin >> privileges don't really work, so it's unclear to what a sensible >> result would be. > > This is a problem with

Re: [whatwg] The choice of script global object to use when the script element is moved

On Tue, 07 Sep 2010 22:57:27 +0200, Adam Barth wrote: It sounds like CSP is creating sub-origin privileges. Sub-origin privileges don't really work, so it's unclear to what a sensible result would be. This is a problem with your alternative CSP proposal as well, no? https://wiki.mozilla.org/

Re: [whatwg] The choice of script global object to use when the script element is moved

On Tue, Sep 7, 2010 at 1:40 AM, Henri Sivonen wrote: > On Sep 3, 2010, at 20:55, Jonas Sicking wrote: >> On Fri, Sep 3, 2010 at 10:47 AM, Adam Barth wrote: >>> I'm not sure it makes much of a difference from a security point of >>> view. >> >> Agreed. Pages can only move elements between pages th

Re: [whatwg] The choice of script global object to use when the script element is moved

NOTE! This email contains URLs to pages that crash WebKit on reload, so you probably shouldn't follow the URLs here in any WebKit-based browser where you have something important going on in the same renderer process. (In Chrome, only the isolated content process crashes.) > On Fri, Sep 3, 2010

Re: [whatwg] The choice of script global object to use when the script element is moved

On 9/3/10 1:55 PM, Jonas Sicking wrote: On Fri, Sep 3, 2010 at 10:47 AM, Adam Barth wrote: I'm not sure it makes much of a difference from a security point of view. Agreed. Pages can only move elements between pages that are in the same security context anyway so I can't really think of any a

Re: [whatwg] The choice of script global object to use when the script element is moved

On Fri, Sep 3, 2010 at 10:47 AM, Adam Barth wrote: > I'm not sure it makes much of a difference from a security point of > view. Agreed. Pages can only move elements between pages that are in the same security context anyway so I can't really think of any attacks that any of the approaches would

Re: [whatwg] The choice of script global object to use when the script element is moved

I'm not sure it makes much of a difference from a security point of view. I suspect WebKit does #3 because it grabs the security context immediately before executing the script. That actually seems marginally safer because it means you're unlikely to grab an out-dated security context. Adam On