Re: Site Security Policy

2008-06-09 Thread Terri
We've been doing some very similar work here in the Carleton Computer Security Lab over the past year, and we put out a tech report in April that I think would be really helpful: http://www.scs.carleton.ca/research/tech_reports/index.php?Abstract=tr-08-07_0007&Year=2008 For one, we did a bunch of

Re: Site Security Policy

2008-06-09 Thread Gervase Markham
[EMAIL PROTECTED] wrote:
> One of the most important features lacking IMHO is the ability to
> restrict what hosts that are 'script src'd' can do. Currently they
> have full DOM access
> which is contributing towards drive by malware on ad networks and
> other nastiness.

Not if the ads are in an ,