Robert Sayre wrote:
> As Brendan points out, you can't rely on web server applications to
> correctly parse HTML at this point.

I agree, and I think that our sandbox implementation does a good job of avoiding this problem. I'll hold off on commenting on the <jail> proposal until I see the details.

> Brendan Eich wrote:
>> This is like giving whiskey and car keys to teenagers.
>
> Yes.

This is a provocative analogy, but I am interested to know if you have in mind a specific attack that takes advantage of my scheme (that is, BEEP as implemented in our paper). To extend your analogy, how does BEEP give the teenager a **new** way of driving into a ditch?

> Additionally, the fixed-whitelist jail element doesn't preclude
> adding other approaches later.

Agreed. But our approach means that when you realize you need a new approach, you may well be able to implement it without further changes to the browser.

>> It seems to me that our scheme, even with the chance of an error in a
>> policy script, has a vastly greater upside than downside.
>
> If implemented perfectly, by all browsers. It's much more complicated
> than the jail element, and therefore much less likely to
> interoperate. Standards are tough like that.

Again, I haven't seen the details of the <jail> proposal, so I can't say whether my proposal is more complicated. I think that the browser modifications needed for our implementation are pretty simple --- and this is in light of our implementation in several browsers (though not Mozilla).

-Trevor

_______________________________________________
dev-security mailing list
[EMAIL PROTECTED]
https://lists.mozilla.org/listinfo/dev-security