In reference to http://www.gerv.net/security/content-restrictions/ , which may provide a way for us to provide full web functionality without having to write whitelist filters for everything, including JavaScript!

----- Forwarded message from me -----

Subject: Content Restrictions and Freenet

Hi, I believe we met at FOSDEM? I work on Freenet, http://freenetproject.org/ , a censorship resistant peer to peer system designed for use in hostile regimes. This includes a web front-end: Files and web sites are published internally and accessed through localhost. In order to prevent web-bugs (img src's pointing to files on the real web giving away your IP address, for example), at present we implement a whitelist filter, which only supports HTML 4.01 and no scripting.

Your Content Restrictions proposal may give us a way to support more or less full web functionality. Specific issues:

- We would probably use request=nopost domain=127.0.0.1
- For our purposes, going beyond scripting to restrict all content on the page is a good thing. It means we don't have to filter the content we pass along to the browser at all, once we know the browser supports the content restrictions. This will be the case with any system where you can upload HTML including arbitrary tags, although I can see that most e.g. forums may want to impose a strictly limited subset.
- We obviously need some way to detect whether this is in operation in a script in a filtered page; if it is, we redirect to an unfiltered one.
- Obviously e.g. included CSS files would need to be interpreted with the same policy. At present we have to put in an explicit MIME type specification in <link rel=stylesheet> to ensure that CSS is filtered correctly.
- Because we will want some forms (e.g. a search form within a portal site), we will need to be able to have an unfiltered page inline a filtered stylesheet.

Thanks!

----- End forwarded message -----
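
The whitelist approach the message describes (HTML subset only, no scripting, no references that make the browser contact a host outside the proxied site), as an added Python sketch that is not Freenet's filter and not part of the original mail. The names ALLOWED, is_local, WhitelistFilter and filter_html, the chosen tag subset and the sample page are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed whitelist for illustration: a tiny HTML 4.01 subset, no scripting.
ALLOWED = {"p": set(), "b": set(), "i": set(), "br": set(),
           "a": {"href"}, "img": {"src", "alt"}}
URL_ATTRS, VOID = {"href", "src"}, {"br", "img"}
DROP_WITH_CONTENT = {"script", "style", "object", "iframe"}
# Constructed sample page; the host name is a placeholder.
SAMPLE = ('<p onclick="x()">Hi <img src="http://tracker.example/bug.gif" alt="a">'
          '<script>alert(1)</script><a href="next.html">n</a></p>')

def is_local(url):
    """True only for relative URLs that cannot leave the proxied site."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    return "\\" not in url and not parts.scheme and not parts.netloc

class WhitelistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside a dropped element
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return
        # Keep whitelisted attributes only; drop URLs that leave the site.
        kept = [(n, v or "") for n, v in attrs if n in ALLOWED[tag]
                and not (n in URL_ATTRS and not is_local(v or ""))]
        text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{text}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def filter_html(page):
    f = WhitelistFilter()
    f.feed(page)
    f.close()
    return "".join(f.out)
```

Anything not on the whitelist is dropped rather than repaired, so an unclosed script or iframe element suppresses the rest of the page instead of letting it through.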
