Published 18 years 11 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read
Same origin policy is outdated for modern attacks, I would like to see the browser manufacturers create new techniques for protecting users against attacks.
My idea for would be to create a browser javascript policy which is stored on the web site which lists the allowed functions/objects that are allowed to be used. So by default a lot of dangerous functions are turned off (Javascript:,XMLHttpRequest,iframes,window.open etc), the browser would then not allow interaction between these objects with web sites or itself.
If all those functions/objects were disabled by default and the web sites selectivity enable the ones they require, it becomes much harder to exploit a web site without access to those features.