[tahoe-lafs-trac-stream] [tahoe-lafs] #615: Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
tahoe-lafs
trac at tahoe-lafs.org
Thu Mar 29 18:49:14 UTC 2012
#615: Can JavaScript loaded from Tahoe access all your content which is loaded
from Tahoe?
-------------------------+-------------------------------------------------
Reporter: zooko | Owner: davidsarah
Type: defect | Status: assigned
Priority: | Milestone: soon
critical | Version: 1.3.0
Component: code- | Keywords: newcaps confidentiality integrity
frontend-web | preservation capleak gsoc
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by davidsarah):
Mozilla and other browsers have been making good progress recently on
implementing the HTML5 sandbox spec. That's a better approach than what I
suggested in comment:8, since it's making use of a fully specified browser
feature rather than the behaviour of an implementation-dependent corner
case. So, as long as we only relied on the specified behaviour, any
security holes in it would be browser bugs and would be the vendors'
responsibility to fix.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/615#comment:23>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list