Hi guys, as a continuation of my earlier topic: https://lists.webkit.org/pipermail/webkit-dev/2010-January/011122.html
We've read more about isolatedworlds ( http://www.adambarth.com/papers/2010/barth-felt-saxena-boodman.pdf et al) but given: 1) it's not implemented yet in webkitgtk+ 2) it looks kinda complex 3) it doesn't give the impression it's waterproof (for example: "to select the correct world with reasonable assurance (...)" on page 10 of the pdf) 4) we treat local code as trusted. after all we're talking about small scripts the user explicitly enables, not untrustworthy addons. we assume local scripts are written and treated with the same care as the source code of the browser itself. we are investigating other directions to solve our issue. one such approach is can be seen at: http://github.com/sloonz/uzbl/commit/662d7a1d88b5319877296348e83aa1db2cfc5a62 the idea is that we would only call our special (privileged) object by 'this.Uzbl' and using a different 'this' for the local scripts and the remote ones. If we make sure we never pass around the instance of this.Uzbl as arguments or put it in another object, we *think* we are good. more info: http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000619.html http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000683.html is this a good idea? is it safe? will it stay safe? thanks! Dieter _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
