On Wed, 27 Jan 2010 23:01:17 -0800 Adam Barth <aba...@webkit.org> wrote:
> Getting this right with the approach you seem to be taking is > extremely difficult. The problem is not that the local script is > untrustworthy. The problem is that the web page it's interacting with > might be able to steal its privileges. Thank you, but can you describe this a bit more? Even if we don't pass around the object or attach it to an object such as document or window, we are still vulnerable? How can the webpage "steal privileges"? > > Isolated worlds should be implemented in webkitgtk+ thanks to some > contributors from Apple. I bet all that's left to do is add an API > for accessing the functionality. The PDF is just being honest when it > says "reasonable assurance." I'd be extremely skeptical of someone > who claims more than reasonable assurance for a commercial-grade > system. > > Adam That's good to know. I'm looking forward to it. The "reasonable assurance" part, does this mean a problem with the design or is this more about potential issues with the (early) implementations? _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
