"Gervase Markham" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Robert O'Callahan wrote in mozilla.dev.planning: >> There are some posts in the IE blog about IE8 security features. >> http://blogs.msdn.com/ie/ >> Most of it is just trying to catch up to Firefox 3. Three things that >> we might want to look at, though: >> 1) A window.toStaticHTML DOM method to sanitize HTML to remove >> executable content >> 2) Web-accessible JSON API (is this going to make 3.1?) >> 3) Some kind of dynamic anti-XSS filter that monitors browser traffic >> and blocks stuff. Not many details about that yet. > Is this idea similar to the user-level phishing-shield plug-in available at http://www.parentapproval.com ?
This is based on user-managed white-list and labels of PPI (protected personal info). > This latter is an interesting idea, but it sounds to me like a recipe > for hard-to-understand breakage and bugs, particularly if ours works > differently to theirs. I'd be interested in closer analysis of what > proportion of attacks this might address, and whether we can immediately > think of ways attackers could break it. > > Does anyone have more info, or comments on their approach? The doc is here: > http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx > > Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
