On Thu, 9 Feb 2006, Alexey Feldgendler wrote: > What you say can be implemented, though, and it has the same underlying > requirement as the sandboxing approach that I wrote about before: > origin-tracking of every piece of script code. Here are the rules. [...]
These rules, and rules like it (this is a relatively important area of security research), have performance characteristics that several browser vendors have told me are unacceptable. I think we're stuck with the current model, at least for the forseeable future. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
