On Sat, Mar 24, 2012 at 10:49 AM, Florent Daigniere <nextgens at freenetproject.org> wrote:
> On Sat, Mar 24, 2012 at 08:42:33AM -0600, Zooko Wilcox-O'Hearn wrote:
> Hi Zooko,
>
> It was me... And the difference in between fproxy (the freenet web-gateway)
> and what Tahoe-LAFS does is that we attempt to parse and filter the
> content.

Ah yes, this is true. We employ a whitelist approach so that only parts of the HTML DOM that we know to be safe get through. So, for example, anything that might cause the user's browser to ping a remote server is verboten.

It seems to work well enough in practice (I don't recall anyone ever finding a vulnerability in it). But our threat model is quite different to Tahoe's; this type of thing may not be a concern for you.

Ian.

--
Ian Clarke
Founder, The Freenet Project
Email: ian at freenetproject.org
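A sketch of the whitelist approach described in the message above, added here as an illustration; it is not Freenet's fproxy filter. The tag list, attribute list and link rule are assumptions chosen for the example, as are all names in the code.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for this sketch; anything else (comments included) is dropped.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "pre", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}  # the text inside must vanish too
# Links are allowlisted by character set: no ':' means no URL scheme.
LOCAL_LINK = re.compile(r"[A-Za-z0-9_./#?=&%-]+")
# Constructed sample input.
SAMPLE = '<p onclick="x()">Hi</p><img src="http://t.example/p.gif"><a href="a/b.html">in</a>'

def is_local_link(url):
    return bool(LOCAL_LINK.fullmatch(url)) and not url.startswith("//")

class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = "".join(
                f' {name}="{escape(value)}"'
                for name, value in attrs
                if name in ALLOWED_ATTRS.get(tag, ()) and value and is_local_link(value)
            )
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def filter_html(markup):
    parser = AllowlistFilter()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

The output is rebuilt from the allowlisted parts rather than edited in place, so an element or attribute the filter has never heard of is dropped by default.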