LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mozilla plans for Firefox 3 and beyond

Mozilla plans for Firefox 3 and beyond

Posted Jul 5, 2008 0:47 UTC (Sat) by njs (guest, #40338)
In reply to: Mozilla plans for Firefox 3 and beyond by nix
Parent article: Mozilla plans for Firefox 3 and beyond 

It's hopefully not a huge security hole in that the "cross-site XHR" is actually the "build a
security framework that allows cross-site XHR in the cases where it is safe but not in the
ones where it isn't" feature.  There's a W3C proposal and all that.  So that's reassuring,
right?

I haven't followed the design of this thing myself, and the track record of people trying to
build secure stuff on top of the incredibly complex mash that is web technologies doesn't make
me terribly confident that they'll manage to get it right... but then again, the web is such a
mess security-wise that I'm not sure it's likely to make things much worse.

http://developer.mozilla.org/en/docs/Cross-Site_XMLHttpRe...

(Log in to post comments)

Mozilla plans for Firefox 3 and beyond

Posted Jul 5, 2008 8:57 UTC (Sat) by nix (subscriber, #2304) [Link] 

Well, that looks less horrible than, say, MS's zones: but I can just feel 
the edge cases waiting to be missed, leading to XHRs being allowed in 
cases where they shouldn't be...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds