The Module-Tag as a solution to improve security while using widgets

0 views
Skip to first unread message

Bastian Meier

unread,
Mar 17, 2009, 1:22:17 PM3/17/09
to
Hello @ all

While writing my thesis about security in web2.0 i have implemented the
Module-Tag from Douglas Crockford. It enables a site to communicate with
embedded widgets while preventing the widget from manipulating the site.

In order to make some use of this Firefox-Extension, i published the
code at [addons.mozilla.org/de/firefox/addon/10090]. This extension
works with frames, because of the use of the Same-Origin-Policy to
separate site and widget from each other. An interface provides the
functionality to send messages from the site to the widget and backwards.
The goal is to discuss the Module-Tag and its usefulness to modern web
security especially while using widgets.

I would like to ask for opinions about the Module-Tag and my
implementation of it. I couldn't find any alternative extensions or
projects with the same security service,so i think this will be a very
useful one to everybody.

Basti

Martin

unread,
Apr 16, 2009, 4:07:54 AM4/16/09
to
Bastian Meier wrote:
> Hello @ all
>
> While writing my thesis about security in web2.0 i have implemented the
> Module-Tag from Douglas Crockford. It enables a site to communicate with
> embedded widgets while preventing the widget from manipulating the site.

I'm wondering why there is no comment on this. Is this the wrong place
to discuss it or is the Module-Tag uninteresting to you or are there
more infos needed?
What do you think about the concept of the module tag?
(http://www.json.org/module.html)


Regards,
Martin

Johnathan Nightingale

unread,
Apr 16, 2009, 9:55:00 AM4/16/09
to Martin, dev-pl...@lists.mozilla.org
Hello Martin,

This is interesting work to see, but you might find more direct
interest in the mozilla.dev.security newsgroup, where technologies
like Origin Headers, Content Security Policy, are discussed. Your
work would seem to fit nicely into that category, would you agree?

Cheers,

Johnathan

> _______________________________________________
> dev-platform mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform

---
Johnathan Nightingale
Human Shield
joh...@mozilla.com

Reply all
Reply to author
Forward
0 new messages