Changes between Initial Version and Version 1 of Ticket #615, comment 8


Timestamp:
2011-05-28T20:15:11Z
Author:
zooko
  • Ticket #615, comment 8

    initial → v1

    line 9 (unmodified):
    (I originally thought that it would be possible to create a blank iframe using {{{src="about:blank"}}}, and have the parent script inject HTML into it directly using part of the technique described in http://softwareas.com/injecting-html-into-an-iframe . However, if that were possible then it would be a browser security bug, because you shouldn't be able to inject content into a frame with a different origin even if you have a direct reference to it. And we don't really want to rely on exploiting browser security bugs ;-)

    line 10 (unmodified): blank

    line 11 (initial, removed):
    Anyway, I '''think''' this adequately isolates the injected page. Obviously it needs extensive testing in different browsers; we're relying on the fact that, although the injected page can obtain a reference to its parent (which has an origin shared by other WUI pages) using {{{document.top}}}, the same-origin policy shouldn't allow it to arbitrarily interfere with that parent (even though it can communicate with it). So this is not an example of the "sub-origin" approaches that are criticised in the Jackson/Barth paper.

    line 11 (v1, added):
    Anyway, I '''think''' this adequately isolates the injected page. Obviously it needs extensive testing in different browsers; we're relying on the fact that, although the injected page can obtain a reference to its parent (which has an origin shared by other WUI pages) using {{{document.top}}}, the same-origin policy shouldn't allow it to arbitrarily interfere with that parent (even though it can communicate with it). So this is not an example of the "sub-origin" approaches that are criticised in the !Jackson/Barth paper.

    line 12 (unmodified): blank

    line 13 (unmodified):
    {{{img}}} tags in the injected page should still work because those aren't subject to the same-origin policy. (It would be a bug if web content could read the pixels of an image, but that wouldn't be a Tahoe-specific bug.) Similarly for nested frames or iframes in the injected page (the contents of these shouldn't be accessible to the injected page because their origins won't compare equal to the {{{about:blank}}} origin).
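The comment above reasons about which frames the same-origin policy lets a script touch. As an added illustration that is not part of the ticket or of Tahoe-LAFS, the following Node script models the origin comparison browsers perform (scheme, host, port) and applies it to the arrangement the comment describes: a WUI parent page, an `about:blank` iframe, a frame on a different origin, and an `img` load. The WUI address `http://127.0.0.1:3456/` and the second port `3457` are assumed for illustration. One point the model makes explicit, and which the "extensive testing in different browsers" the comment calls for would surface, is that an `about:blank` frame has no origin of its own: browsers give it the origin of the document that created it, so it compares equal to its creator rather than unequal.

```javascript
// Added example (not from the ticket): a minimal, DOM-free model of the
// same-origin policy checks discussed in the comment. Runs under Node.

// Reduce a URL to the (scheme, host, port) tuple the same-origin policy
// compares. An about:blank document has no origin of its own; browsers
// assign it the origin of the document that created it, which is the
// behaviour modelled by the creatorOrigin parameter.
function originOf(url, creatorOrigin) {
  if (url === 'about:blank') {
    return creatorOrigin;
  }
  const u = new URL(url);
  const defaultPort = { 'http:': '80', 'https:': '443' }[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// A document may read or modify another frame's DOM only when the two
// origins compare equal, regardless of whether it holds a reference
// (e.g. via window.top) to that frame.
function canScript(fromOrigin, frameOrigin) {
  return sameOrigin(fromOrigin, frameOrigin);
}

// An <img> from any origin is displayed, but its pixel data is only
// readable by script when the image is same-origin with the document.
function imageLoad(fromOrigin, imgUrl) {
  const imgOrigin = originOf(imgUrl, fromOrigin);
  return { displays: true, pixelsReadable: sameOrigin(fromOrigin, imgOrigin) };
}

// Assumed WUI origin for the scenario (hypothetical address).
const WUI = originOf('http://127.0.0.1:3456/');

// The frame layout described in the comment:
//   WUI parent
//     +-- <iframe src="about:blank">   (injected page)
//           +-- <iframe src="http://127.0.0.1:3457/">  (nested, other origin)
//           +-- <img src="http://127.0.0.1:3457/pic.png">
function scenario() {
  const blankFrame = originOf('about:blank', WUI);
  const nestedOther = originOf('http://127.0.0.1:3457/', blankFrame); // assumed second port
  const img = imageLoad(blankFrame, 'http://127.0.0.1:3457/pic.png');
  return {
    // about:blank inherits the parent's origin, so parent and frame can
    // script each other in both directions.
    parentCanScriptBlankFrame: canScript(WUI, blankFrame),
    blankFrameCanScriptParent: canScript(blankFrame, WUI),
    // A frame on a genuinely different origin is isolated both ways.
    blankFrameCanScriptNested: canScript(blankFrame, nestedOther),
    nestedCanScriptBlankFrame: canScript(nestedOther, blankFrame),
    // Cross-origin images display but are opaque to script.
    imgDisplays: img.displays,
    imgPixelsReadable: img.pixelsReadable,
  };
}

module.exports = { originOf, sameOrigin, canScript, imageLoad, scenario };
```

The useful check when testing a frame-based isolation scheme is therefore the first pair of results: if the frame whose contents are untrusted was created as `about:blank` by the page it is meant to be isolated from, the model (and real browsers) place both on the same origin, and the second-origin results only apply once the frame is served from a distinct scheme/host/port tuple.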