David Herman wrote:
> On Aug 9, 2013, at 5:59 PM, Brendan Eich <[email protected]> wrote:
>> It turns out dherman is working with a grad student doing a taint model; cc'ing
>> him.
>
> That student you're referring to is Deian Stefan, who's doing work on extending
> the expressiveness of the browser security model to allow you to do things you
> can't today (e.g., using third-party sites across-origin without danger of them
> compromising the integrity of your DOM or leaking privacy to their server,
> without requiring any special HTTP headers).

Cool, keen to learn more when I have time and there's more to learn ;-).

> I also introduced Ivan to jimb, so it should come as no surprise that I think
> the two projects are independent. :) The reason I got him in touch with the
> devtools team is that this is a bug-finding tool, rather than high-stakes
> engine infrastructure. IOW, I agree with Mark that it doesn't need to be sound.

Can it be done other than in SpiderMonkey?
Heretical, I know, but carrying even an unsound information flow patch
could be too much for the "high-stakes engine infrastructure".

/be
_______________________________________________
dev-tech-js-engine-internals mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals