Javascript security

Same origin policy is outdated for modern attacks, I would like to see the browser manufacturers create new techniques for protecting users against attacks.

My idea for would be to create a browser javascript policy which is stored on the web site which lists the allowed functions/objects that are allowed to be used. So by default a lot of dangerous functions are turned off (Javascript:,XMLHttpRequest,iframes, etc), the browser would then not allow interaction between these objects with web sites or itself.

If all those functions/objects were disabled by default and the web sites selectivity enable the ones they require, it becomes much harder to exploit a web site without access to those features.

Comments are closed :( too much spam. If you want to contact me about any article please email or tweet me.