On Sun, 28 May 2006 03:31:56 +0700, Mihai Sucan <[EMAIL PROTECTED]>
wrote:
>> Sandboxes would, of course, deal with this, but there is a much simpler
>> measure targeted specifically at such exploits.

> Yes, sandboxes are somehow overkill, like "did the web reach this level
> already?". That's something along the lines of: "do authors really need
> such advanced capabilities?".
> Thinking of sandboxing is like viruses are already running in the wild.
> However, it's better to think forward and take caution.

I didn't say sandboxes are overkill. The concept of sandboxing is a result
of analyzing vulnerabilities found in modern web applications, like CMS,
blogs, forums etc. They do need that level of control.

What I said is that sandboxes have a long way to go, something that probably
won't be in common use in the next several years. However, there is a
whole class of attacks which can be prevented by a much simpler measure,
and that's what I was writing about.

>> 9. Optionally, execution time limit may be imposed on the thread, so
>> that it doesn't make the document unrenderable by running an endless
>> loop inside CSS expression().

> Of course. I like that Gecko and Konqueror got the execution time limit. It's
> something important, since authors can create malicious pages which
> bring down the entire browser.

Actually, the execution time limit is somewhat out of scope, I just
mentioned it because it came to my head. The limit is useful in many other
places than those I listed, for example, for event listeners. However,
even if such a limit is not imposed, a well-designed browser won't be
taken down by an endless loop in a script: maybe the page will become
unresponsive, but other open pages will be usable.

>> The above are very raw thoughts. I'd like to hear some feedback on the
>> idea itself.

> Interesting thoughts, but I don't know why I don't find myself
> enthusiastic about the "side-effect free script" notion you've detailed.

I would insist on taking only rational arguments into account.

> Maybe something better is still needed.

Maybe someone else will offer something better.
--
Alexey Feldgendler <[EMAIL PROTECTED]>
[ICQ: 115226275] http://feldgendler.livejournal.com