> I think Brendan had some ideas based on tainting to make something
> like your approach work....

Hmm, I'm not familiar with this... do you know anything more? Tracking origins isn't our primary implementation problem, though, it's that we don't know how to enforce the policy *even if* we are certain what the script origin is. This is what we aren't certain how to get around:

> 2) Security checks don't happen on all object accesses. ... In
> particular, access to random JS properties all within a window is NOT
> security-checked as things stand.

In order to enforce properties within a page, we'd need to do all of these checks that currently aren't being done...

One way we could do it is to essentially "cut out" the untrusted div content, put it in some kind of new temporary page, replace the cut-out code with an iframe reference to the new temp page, and then proceed from there. Perhaps we could do something funky with the origin checks so that the outer window always sees the inner window as the same origin, but vice versa is not the case. The primary problem with this approach is that it would mess up the DOM *completely* -- we want the outer trusted content to be able to access the untrusted content in a completely regular fashion.

[By the way, thanks for the explanation & clarification.]

Adrienne

_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security
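The asymmetric policy sketched in the message above (the outer trusted page sees the untrusted content as same-origin, while the untrusted content does not get the same view of the page) can be modelled in plain JavaScript as a one-way membrane: trusted code is never checked, untrusted code is checked on every property get and set. This is an added example, not code from the thread, from Mozilla, or from any browser engine. The page model, the two principals, and the names runAs(), protect(), checkAccess() and scenario() are all assumptions made for the illustration; a real engine would derive the current principal from the script's origin rather than from an explicit runAs() call.

```javascript
// Added example: a one-way membrane modelling the asymmetric origin check
// discussed in the thread. Trusted (outer page) code is never checked;
// untrusted (div) code is checked on every property get/set and may only
// touch objects tagged as its own. Names and the page model are assumptions.
const TRUSTED = 'trusted';
const UNTRUSTED = 'untrusted';

// Principal currently executing. A real engine would take this from the
// script's origin; here it is switched explicitly with runAs().
let current = TRUSTED;

function runAs(principal, fn) {
  const prev = current;
  current = principal;
  try {
    return fn();
  } finally {
    current = prev;
  }
}

// Ownership tags for raw objects. Untagged objects default to TRUSTED, so an
// untrusted access to anything not explicitly handed over fails closed.
const owners = new WeakMap();
const wrappers = new WeakMap();

function ownerOf(obj) {
  return owners.get(obj) ?? TRUSTED;
}

// The per-access check the thread says the engine does not currently do for
// property accesses inside a single window.
function checkAccess(obj, prop) {
  if (current === TRUSTED) return;        // outer page: unchecked, "same origin" view
  if (ownerOf(obj) === current) return;   // untrusted code inside its own subtree
  throw new Error(
    `Permission denied: ${current} code accessed "${String(prop)}" on ${ownerOf(obj)}-owned object`,
  );
}

// Wrap a raw object so every get/set passes through checkAccess. Objects
// reached through the wrapper are wrapped too (membrane), one proxy per raw object.
function protect(target) {
  if (target === null || typeof target !== 'object') return target;
  if (wrappers.has(target)) return wrappers.get(target);
  const proxy = new Proxy(target, {
    get(t, prop) {
      checkAccess(t, prop);
      return protect(Reflect.get(t, prop));
    },
    set(t, prop, value) {
      checkAccess(t, prop);
      return Reflect.set(t, prop, value);
    },
  });
  wrappers.set(target, proxy);
  return proxy;
}

// Constructed page model (not a real DOM): a trusted document holding a
// session cookie and one div whose content and script are untrusted.
function buildPage() {
  const comment = { id: 'comment', innerText: 'hello', parentNode: null };
  const body = { childNodes: [comment] };
  comment.parentNode = body;
  const doc = { cookie: 'session=secret', body };
  owners.set(comment, UNTRUSTED); // only this node is handed to the untrusted script
  return { window: protect({ document: doc }), comment: protect(comment) };
}

function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Exercise the policy from both sides and return what each access produced.
function scenario() {
  const { window, comment } = buildPage();
  const r = {};
  // Outer trusted code reaches into the untrusted div in a completely regular fashion.
  r.trustedReadsDiv = window.document.body.childNodes[0].innerText;
  // Untrusted script edits its own node; the trusted page sees the edit.
  runAs(UNTRUSTED, () => { comment.innerText = 'edited'; });
  r.trustedSeesEdit = window.document.body.childNodes[0].innerText;
  // Untrusted script climbing out of its subtree is stopped at the first trusted-owned access.
  r.untrustedClimbsToBody = attempt(() => runAs(UNTRUSTED, () => comment.parentNode.childNodes));
  r.untrustedReadsCookie = attempt(() => runAs(UNTRUSTED, () => window.document.cookie));
  return r;
}

console.log(JSON.stringify(scenario(), null, 2));
```

Two things the model makes visible that the prose only states: the cost of the approach is a check on every get and set trap, which is exactly the work the thread says is not being done today for intra-window property access; and the membrane must fail closed (untagged objects count as trusted-owned), otherwise any object the untrusted script can reach by walking parentNode or similar links leaks the rest of the page.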
