On 4/16/05, Ian G <[EMAIL PROTECTED]> wrote: > So maybe the answer is that if the user chooses to > save the file, the save process checks to see if any > javascript is in there, and then warns the user as > if it were an email with exe attachment. I.e., it > says the same thing as if an exe was received in > email: > > this page contains programs and may do damage > like any virus, are you sure you want to save it? > > After saving it, any viewing of the saved page > will cause it to run with full privileges!
This solution is analogous to the way Microsoft Word deals with Visual Basic macros in Word documents. We all know how well that's worked out. Either the user says 'OK', and all is lost; or the user says 'Cancel', and vital functionality is lost. It's a lose-lose scenario. I suggest adopting a design like that in Polaris, where authorization is inferred from user acts of designation. See the HP Labs tech report at: http://www.hpl.hp.com/techreports/2004/HPL-2004-221.html See also Ping's research: http://www.sims.berkeley.edu/~ping/sid/ Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
