[webkit-dev] Extra privileges for local javascripts with WebkitGtk

Dieter Plaetinck dieter at plaetinck.be
Mon Jan 4 09:30:29 PST 2010


Hi guys,
for the uzbl browser (www.uzbl.org) we want to give users the ability
to execute their own javascripts with extra privileges.
Extra privileges = executing uzbl commands which can do many actions,
such as executing shell commands.
But at the same time, we want js scripts from the users to be able to
modify the DOM of webpages.

The extra privileges should obviously never become available to
javascripts from websites.

Currently we implemented the so-called "Uzbl" object which
has a 'run' method.  See the 'eval_js' function in
http://github.com/Dieterbe/uzbl/blob/master/uzbl-core.c for our current
implementation, and 'JAVASCRIPT HELPER OBJECT' at
http://github.com/Dieterbe/uzbl/blob/master/README

It was brought to my attention that given the way js works (you can
change core DOM functions such as window.addEventListener or
document.createElement), stack/object inspection, and maybe more (mind
you: I'm not familiar with how JS works at all, hence this mail) the
Uzbl object can "leak" to the scope of js scripts of websites, which is
quite bad.

See for a sample exploit:
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html

Can you advise us on how to tackle this topic?
Is there a clean solution for this problem?

Thanks,
Dieter
