This could be thought of as a subset of “some combinations are inherently safe”,
where the number of safe combinations is one.
In some environments it makes sense to limit what the untrusted code can
do to a very small set of capabilities. For example, web gadgets (a.k.a. widgets)
could be limited to
• Writing a safe subset of HTML to a designated part of the web page displayed in a browser.
• Receiving user input through forms on the web page.
• Receiving mouse clicks from the user when they are within the bounds of the part of the page allocated to the gadget.
• Making a network connection to their originating site.
This would provide useful functionality whilst effectively insulating the user
from any bad things the gadget could do (such as, for example, navigating to a
phishing site, or attempting to steal the user’s login cookies for the embedding
page).
Google’s Caja project[1] can be used to do exactly this, amongst other things.
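As an added illustration (not code from this post, nor from Caja), here are the four capabilities above rendered as a small capability object in JavaScript: the gadget receives only the frozen object, and the host keeps the slot, the click bounds and the origin check on its own side. The names `isSafeHtml` and `createGadgetHost`, the tag allow-list, and the `origin`/`bounds` parameters are all assumptions made for this example.

```javascript
'use strict';

// Tags the gadget may emit; everything else (script, a, img, iframe, ...) is refused.
const SAFE_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'ul', 'li', 'br']);

// Accept a tiny HTML subset: allow-listed tags carrying no attributes at all.
// Input that does not fit is rejected outright rather than "cleaned", since
// refusing is far easier to get right than repairing markup.
function isSafeHtml(html) {
  const tagRe = /<\/?([a-zA-Z0-9]+)([^>]*)>/g;
  for (const m of html.matchAll(tagRe)) {
    const attrs = m[2].trim().replace(/\/$/, '').trim();
    if (!SAFE_TAGS.has(m[1].toLowerCase()) || attrs !== '') return false;
  }
  return !html.replace(tagRe, '').includes('<'); // no stray '<' either
}

// Build the capability object handed to untrusted gadget code (assumed API).
// The gadget only ever sees the frozen `caps`; the host keeps everything else.
function createGadgetHost({ origin, bounds }) {
  const host = { slot: '', clickHandler: null, formHandler: null, requests: [] };
  const caps = Object.freeze({
    // 1. write safe HTML into the gadget's own slot and nowhere else
    writeHtml(html) {
      if (!isSafeHtml(html)) throw new Error('writeHtml: unsafe HTML rejected');
      host.slot = html;
    },
    // 2. receive form input: the host calls the handler; no access to other forms
    onFormInput(handler) { host.formHandler = handler; },
    // 3. receive clicks: delivered by the host only when inside the gadget's bounds
    onClick(handler) { host.clickHandler = handler; },
    // 4. connect back to the originating site only (same origin as the gadget)
    connect(url) {
      if (new URL(url).origin !== origin) throw new Error('connect: origin not allowed');
      host.requests.push(url); // a real host would issue the request here
      return true;
    },
  });
  // Host-side delivery: clicks outside the gadget's rectangle never reach it,
  // and the coordinates it does see are relative to its own slot.
  host.dispatchClick = (x, y) => {
    const b = bounds;
    const inside = x >= b.x && x < b.x + b.w && y >= b.y && y < b.y + b.h;
    if (inside && host.clickHandler) host.clickHandler(x - b.x, y - b.y);
    return inside;
  };
  host.dispatchForm = (fields) => { if (host.formHandler) host.formHandler(fields); };
  return { host, caps };
}
```

The cookie-theft and phishing cases from the post fall out naturally: the gadget has no capability that reads the embedding page's document or cookies, and `writeHtml` refuses links and scripts while `connect` refuses any origin but the gadget's own.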