In the matrix, make blacklisted types have precedence over whitelisted hostnames #29

gorhill · 2013-10-25T09:45:43Z

Given the news that php.net was hacked with a malware which worked through an iframe (this is common for malware), this feature which I was considering since a while appears to be a must-have now.

http://arstechnica.com/security/2013/10/hackers-compromise-official-php-website-infect-visitors-with-malware/

So it will be like that:

Blacklisted types have precedence over whitelisted hostnames (new behavior)
Blacklisted hostnames have precedence over whitelisted types (stays same as current)

This is a change in behavior. It is a good idea to blacklist iframes in general, but this choice is currently meaningless when whitelisting a specific hostname, as the hostname currently has always priority. So the basic logic will be simple enough to not cause confusion (hopefully) in user's mind:

Whatever is blacklisted by inheritance has precedence over what is whitelisted by inheritance. (hopefully I won't find annoying side effect complication with this new behavior.)

ghost assigned gorhill Oct 25, 2013

gorhill mentioned this issue Oct 25, 2013

Need to allow for precedence of type over domain #10

Closed

gorhill closed this as completed in eec61b5 Oct 25, 2013

gorhill added a commit that referenced this issue Oct 26, 2013

Addendum to #29: let the user choose

c163b6b

gorhill mentioned this issue Oct 27, 2013

Can't whitelist read-only blacklisted hostnames #33

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

In the matrix, make blacklisted types have precedence over whitelisted hostnames #29

In the matrix, make blacklisted types have precedence over whitelisted hostnames #29

gorhill commented Oct 25, 2013

In the matrix, make blacklisted types have precedence over whitelisted hostnames #29

In the matrix, make blacklisted types have precedence over whitelisted hostnames #29

Comments

gorhill commented Oct 25, 2013