Firefox/Projects/Binding for untrusted text in security dialogs
Design and implement a common way for security dialogs to include untrusted text without compromising the rest of the dialog. The implementation might take the form of an XBL binding.
A private page describes some of the attacks we would like to defend against, and contains a partial list of security dialogs in Firefox. It is clear that given the number of attacks and number of dialogs, ad-hoc checks are doomed to failure.
- Project Lead: Blair (Unfocused)
- Alternate Contact: Johnath
- Initiator: jesse
- Defend against attacks where site-supplied text breaks other parts of security dialogs.
- Defend against sites supplying sentences (except perhaps by setting site-supplied text apart visually).
- Defend against "badgering" attacks.
- Save the world from scareware