Please Anwser this question? :/
3 views
Skip to first unread message
Eric Dorman
Jul 7, 2010, 1:40:12 AM7/7/10
to Google Caja Discuss
Is there any work being done on securing the HTML 5 Localstorage
feature like for example implementing an SSL Model into the new
system. ;p
feature like for example implementing an SSL Model into the new
system. ;p
๏̯͡๏ Jasvir Nagra
Jul 7, 2010, 2:50:51 AM7/7/10
to google-ca...@googlegroups.com
I don't think I understand the question. Webstorage apis like localstorage and sessionStorage are exposed via javascript apis. A container using caja can expose access to these api or attenuate access to it. This is called taming. Caja doesn't provide a default taming for webstorage. Is this what you are asking for?
If so, I don't understand how SSL fits into your question. The security model for webstorage apis are based on same-origin making them vulnerable to spoofing attacks. This is only partially mitigated by SSL and certainly doesn't help for the use case for which Caja is intended where third party code is being served on the same domain as container code.
Eric Dorman
Jul 12, 2010, 11:01:44 AM7/12/10
to Google Caja Discuss
Hello Jasvir,
Yes, I am talking about taming. Taming is what I guess I am asking for
since SSL only protects the webstorage apis partially.
I think maybe if a new taaming system would be developed for
webstorage it would be really good to see.
Yes, I am talking about taming. Taming is what I guess I am asking for
since SSL only protects the webstorage apis partially.
I think maybe if a new taaming system would be developed for
webstorage it would be really good to see.
Reply all
Reply to author
Forward
0 new messages