Realms Initialization Control #1062
Comments
zcorpan
added
team: DOM
team: Security
venue: W3C CG
|
This loses me right off the top. From the "Use Cases" section of the explainer
"untrusted code" has no business running in your origin, full stop. The <script> tag should have been same-origin from the beginning, but that's a 30-year-old mistake we have to live with. I know the current web is built in this ridiculous way such that a recent web site I visited assured me that it and its 893 partners (literally) would keep my data safe, but that is at least 890 organizations beyond the human capacity to achieve. trusted libraries can be hosted on your own site. Services can be talked to over APIs using fetch or server-to-server on your back-end. Other code can be run in a sandboxed <iframe>. But JavaScript is way too squirrelly to rely on the kind of constraint you're proposing. It could certainly mostly work, just as your Snow library mostly works, but if it doesn't work perfectly then in the end what have you accomplished? Every year there are new JavaScript features in browsers, and every one of them is a possible bypass to whatever protections your site has built on top of this proposed feature. [this is my personal pessimistic opinion, not "Mozilla's position"] |
I recognize that the above does not meet the demands of the modern adtech industry, but they demand it because not enough sites are willing to say no. It is not secure and not securable. From Microsoft's Immutable Laws of Security:
|
Request for Mozilla Position on an Emerging Web Specification
The text was updated successfully, but these errors were encountered: