The module tag seems like a similar approach as the window.postMessage()
functionality in Gecko 1.9:
https://developer.mozilla.org/En/DOM:window.postMessage
Perhaps the main difference with module is that the scope of
communications is a bit more focused (DOM-id-based instead of
origin-based). It is my impression that most of the functionality of
the module tag can be accomplished with iframes and postMessage.
-Sid
On 4/26/09 10:15 PM, Bastian Meier wrote:
Hello @ all
While writing my thesis about security in web2.0 i have implemented the
Module-Tag from Douglas Crockford. It enables a site to communicate with
embedded widgets while preventing the widget from manipulating the site.
In order to make some use of this Firefox-Extension, i published the
code at [addons.mozilla.org/de/firefox/addon/10090]. This extension
works with frames, because of the use of the Same-Origin-Policy to
separate site and widget from each other. An interface provides the
functionality to send messages from the site to the widget and backwards.
The goal is to discuss the Module-Tag and its usefulness to modern web
security especially while using widgets.
I would like to ask for opinions about the Module-Tag and my
implementation of it. I couldn't find any alternative extensions or
projects with the same security service,so i think this will be a very
useful one to everybody.
Basti
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
