Javascript security

Saturday, 30 June 2007

Same origin policy is outdated for modern attacks, I would like to see the browser manufacturers create new techniques for protecting users against attacks.

My idea for would be to create a browser javascript policy which is stored on the web site which lists the allowed functions/objects that are allowed to be used. So by default a lot of dangerous functions are turned off (Javascript:,XMLHttpRequest,iframes,window.open etc), the browser would then not allow interaction between these objects with web sites or itself.

If all those functions/objects were disabled by default and the web sites selectivity enable the ones they require, it becomes much harder to exploit a web site without access to those features.

The entry 'Javascript security' was posted on June 30th, 2007 at 11:00 am and is filed under javascript, php, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed :( too much spam. If you want to contact me about any article please email or tweet me.

«
»