[webkit-dev] a simple isolatedworlds alternative for uzbl?
dieter at plaetinck.be
Thu Jan 28 00:40:18 PST 2010
On Wed, 27 Jan 2010 23:01:17 -0800
Adam Barth <abarth at webkit.org> wrote:
> Getting this right with the approach you seem to be taking is
> extremely difficult. The problem is not that the local script is
> untrustworthy. The problem is that the web page it's interacting with
> might be able to steal its privileges.
Thank you, but can you describe this a bit more?
Even if we don't pass around the object or attach it to an object such
as document or window, we are still vulnerable? How can the webpage
> Isolated worlds should be implemented in webkitgtk+ thanks to some
> contributors from Apple. I bet all that's left to do is add an API
> for accessing the functionality. The PDF is just being honest when it
> says "reasonable assurance." I'd be extremely skeptical of someone
> who claims more than reasonable assurance for a commercial-grade
That's good to know. I'm looking forward to it. The "reasonable
assurance" part, does this mean a problem with the design or is this
more about potential issues with the (early) implementations?
More information about the webkit-dev