Getting this right with the approach you seem to be taking is extremely difficult. The problem is not that the local script is untrustworthy. The problem is that the web page it's interacting with might be able to steal its privileges.
Isolated worlds should be implemented in webkitgtk+ thanks to some contributors from Apple. I bet all that's left to do is add an API for accessing the functionality.

The PDF is just being honest when it says "reasonable assurance." I'd be extremely skeptical of someone who claims more than reasonable assurance for a commercial-grade system.

Adam

On Wed, Jan 27, 2010 at 12:49 PM, Dieter Plaetinck <[email protected]> wrote:
> Hi guys,
> as a continuation of my earlier topic:
> https://lists.webkit.org/pipermail/webkit-dev/2010-January/011122.html
>
> We've read more about isolated worlds (
> http://www.adambarth.com/papers/2010/barth-felt-saxena-boodman.pdf et
> al)
>
> but given:
> 1) it's not implemented yet in webkitgtk+
> 2) it looks kinda complex
> 3) it doesn't give the impression it's waterproof (for example: "to
> select the correct world with reasonable assurance (...)" on page 10
> of the pdf)
> 4) we treat local code as trusted. after all we're talking about small
> scripts the user explicitly enables, not untrustworthy addons. we
> assume local scripts are written and treated with the same care as the
> source code of the browser itself.
>
> we are investigating other directions to solve our issue.
>
> one such approach can be seen at:
> http://github.com/sloonz/uzbl/commit/662d7a1d88b5319877296348e83aa1db2cfc5a62
>
> the idea is that we would only call our special (privileged) object by
> 'this.Uzbl' and using a different 'this' for the local scripts and the
> remote ones.
> If we make sure we never pass around the instance of this.Uzbl as
> arguments or put it in another object, we *think* we are good.
>
> more info:
> http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000619.html
> http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000683.html
>
> is this a good idea? is it safe? will it stay safe?
>
> thanks!
> Dieter
> _______________________________________________
> webkit-dev mailing list
> [email protected]
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
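
The concern raised in the reply above, as an added example that is not part of the original thread and is not uzbl or WebKit code: an audit helper that runs a local script against a constructed stand-in for `this.Uzbl` and records which inherited operations were dispatched through the shared `Object.prototype` with the privileged object as `this`. Every name except `Uzbl` is hypothetical, and the model assumes local and page scripts run in the same JavaScript world.

```javascript
// Constructed model, not uzbl code. Only the name Uzbl comes from the thread.
// Assumption: local and page scripts run in one JavaScript world, so they
// share a single Object.prototype.

// Hypothetical stand-in for the privileged object.
function makeUzbl(proto) {
  return Object.assign(Object.create(proto), { run(cmd) { return "ran: " + cmd; } });
}

// Hypothetical local script. It follows the rule from the thread: this.Uzbl
// is never passed as an argument and never stored in another object.
function localScript() {
  this.Uzbl.run("set status");
  return "bridge is " + this.Uzbl; // implicit conversion: valueOf, then toString
}

// Hypothetical local script that only ever calls the object's own method.
function minimalScript() {
  return this.Uzbl.run("set status");
}

// Run `script` while canary wrappers sit on the shared prototype and return
// the inherited operations that were invoked with `this` bound to the
// privileged object. Each hit is a call that resolved on shared state.
function auditSharedDispatch(script, privileged) {
  const names = ["toString", "valueOf", "hasOwnProperty"];
  const saved = names.map((n) => Object.getOwnPropertyDescriptor(Object.prototype, n));
  const hits = [];
  try {
    names.forEach((n, i) => {
      const original = saved[i].value;
      Object.defineProperty(Object.prototype, n, {
        configurable: true, writable: true, enumerable: false,
        value: function (...args) {
          if (this === privileged) hits.push(n);
          return original.apply(this, args);
        },
      });
    });
    script.call({ Uzbl: privileged });
  } finally { // always restore the real built-ins
    names.forEach((n, i) => Object.defineProperty(Object.prototype, n, saved[i]));
  }
  return hits;
}

const ordinary = auditSharedDispatch(localScript, makeUzbl(Object.prototype));
const bare = auditSharedDispatch(minimalScript, makeUzbl(null));
console.log(ordinary, bare);
```

An empty result covers only the three hooked operations and the code path that actually ran; it is not evidence that the scheme as a whole is safe.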

