[tahoe-dev] more browser security issues
zooko
zooko at zooko.com
Sat Nov 8 20:01:37 PST 2008
I asked Collin Jackson about two other browser security issues: the
referer header and the possibility of malicious JavaScript in one
window being able to read the URL from another window. Here are his
answers.
Regards,
Zooko
Begin forwarded message:
> From: "Collin Jackson" <collinj at cs.stanford.edu>
> Date: November 8, 2008 15:32:08 PM MST
> To: zooko <zooko at zooko.com>
> Subject: Re: Disabling clipboard access in Internet Explorer
...
> > In a related issue, can you tell me the scoop on how my users
> > can most easily suppress referer headers entirely?
>
> Most of the techniques involve making the request come from a non-
> HTTP scheme. The browser usually won't bother to send a Referer in
> this case.
>
> Option A: ftp scheme
>
> ftp://site.com/source.html
>
> Option B: about:blank scheme
>
> w = window.open("");
> w.document.write("<form ...>");
> w.document.forms[0].submit();
>
> Option C: javascript: scheme
>
> window.location = "javascript:'<script>window.location=\"...\"</script>'";
>
> > And in a related issue, how can we arrange it so that
> > JavaScript running in one Window or tab cannot read the
> > URL of another window or tab?
>
> Under the current browser security policy, if they're running in
> the same security context, it's very hard to keep them apart. My
> recommendation would be to put them in different security contexts
> (scheme/host/port). I am happy to help find examples of attacks on
> proposed designs that don't do this.
>
> Collin
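
The recommendation above, to keep windows in different security contexts (scheme/host/port), can be checked against a proposed design. The following is an added example, not part of the original message or of Tahoe's code. The function names and gateway URLs are constructed for illustration, and only http/https URLs are modelled.

```javascript
// Added example: function names and URLs below are hypothetical/constructed.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the scheme/host/port triple that the reply calls a security context.
function securityContext(rawUrl) {
  const u = new URL(rawUrl);
  if (!(u.protocol in DEFAULT_PORTS)) {
    throw new Error("only http/https are modelled here: " + rawUrl);
  }
  // URL.port is "" when the URL uses the scheme's default port, and the
  // hostname is already lower-cased, so equivalent spellings compare equal.
  const port = u.port || DEFAULT_PORTS[u.protocol];
  return u.protocol + "//" + u.hostname + ":" + port;
}

// Group window URLs by context. Any group with more than one member is a set
// of windows that the browser policy does not keep apart.
function sharedContexts(windowUrls) {
  const groups = new Map();
  for (const raw of windowUrls) {
    const ctx = securityContext(raw);
    if (!groups.has(ctx)) groups.set(ctx, []);
    groups.get(ctx).push(raw);
  }
  return new Map([...groups].filter(([, urls]) => urls.length > 1));
}

// Constructed design under review: one secret-bearing URL per window.
const design = [
  "http://gateway.example:8080/uri/SECRET-CAP-A",
  "http://gateway.example:8080/uri/SECRET-CAP-B",   // same context as A
  "http://gateway.example/uri/SECRET-CAP-C",        // implicit port 80
  "http://GATEWAY.example:80/uri/SECRET-CAP-D",     // same context as C
  "https://gateway.example/uri/SECRET-CAP-E",       // different scheme
  "http://a.gateway.example:8080/uri/SECRET-CAP-F", // different host
];

for (const [ctx, urls] of sharedContexts(design)) {
  console.log(ctx, "is shared by", urls.length, "windows:");
  for (const u of urls) console.log("   ", u);
}
```

A design passes this check only when `sharedContexts` returns an empty map, meaning every secret-bearing window has its own scheme/host/port.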