Confirmed users, Bureaucrats and Sysops emeriti
419
edits
Security:Wrapper-based Checks: Difference between revisions
Security:Wrapper-based Checks (view source)
Revision as of 01:27, 15 November 2006
, 15 November 2006→Pros and cons
No edit summary |
|||
| Line 29: | Line 29: | ||
There are several benefits to this approach. First, it's reasonably simple to implement. Second, it eliminates action-at-a-distance issues like [https://bugzilla.mozilla.org/show_bug.cgi?id=287446 Bug 287446]. Third, it should be possible to make this ''extremely'' fast, especially for the same-origin case (subject and object principals match) -- even by use of [[Mozilla 2 | JIT compilation]]. | There are several benefits to this approach. First, it's reasonably simple to implement. Second, it eliminates action-at-a-distance issues like [https://bugzilla.mozilla.org/show_bug.cgi?id=287446 Bug 287446]. Third, it should be possible to make this ''extremely'' fast, especially for the same-origin case (subject and object principals match) -- even by use of [[Mozilla 2 | JIT compilation]]. | ||
The most obvious drawback is that you don't get | The most obvious drawback is that you don't get defense-in-depth. That is, once something gets an unwrapped object from a different trust domain, there are no more security checks. This means that cross-domain-accessible DOM methods (e.g., <tt>window.open</tt>) must be written with great care to wrap any results passed back to another origin. | ||
= Implementation notes = | = Implementation notes = | ||