This repository has been archived by the owner on May 1, 2024. It is now read-only.
At least as explained in the FAQ, Injection doesn't appear to have the same properties as Transport or Isolation in that it's not guaranteed to be valid for the entire top-level browsing context (modulo data URLs for Transport, but we'll fix that).
I think that's a key aspect of being a secure context (remember Netflix).
That's a good point, and I agree with you that it's core to the general notion that we take a holistic approach that includes a document, its dependencies, and ancestors.
The first thing that occurs to me is some require-injection-mitigation assertion similar to require-corp that would enforce a minimum standard on framed documents and workers (echoes of embedded enforcement...). With that assertion in place, we'd examine the incoming response headers of a nested navigation, for example, and block it if it didn't meet whatever minimum bar we put in place (which might be an explicit opt-out).
I think that would address the concern here, but I haven't thought about it enough to decide if it's a good way of doing so. :)
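The header-gating mechanism sketched in the reply above, written out as an added example (this is not code from this repository or from the spec drafts it links): an embedder that asserts a hypothetical `require-injection-mitigation` policy only admits a nested navigation whose response headers meet a minimum injection-mitigation bar. The bar used here (a nonce- or hash-based `script-src` with `'strict-dynamic'`, `object-src 'none'`, and a restricted `base-uri`) is an assumption chosen for illustration; the thread does not define one, and the sample headers are constructed.

```javascript
// Added example, not project code. The assertion name
// `require-injection-mitigation` and the "minimum bar" below are assumptions.

// Parse one Content-Security-Policy header value into directive -> source list.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const directive of headerValue.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP ignores a repeated directive within one policy: the first one wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function hasKeyword(values, keyword) {
  return values.some((v) => v.toLowerCase() === keyword);
}

function hasNonceOrHash(values) {
  return values.some((v) => /^'(nonce-|sha(256|384|512)-)/i.test(v));
}

// Does a single policy meet the (assumed) minimum injection-mitigation bar?
function policyMeetsBar(policy) {
  // script-src and object-src fall back to default-src; base-uri does not.
  const scriptSrc = policy.get('script-src') ?? policy.get('default-src');
  if (!scriptSrc) return false;
  if (!hasNonceOrHash(scriptSrc) || !hasKeyword(scriptSrc, "'strict-dynamic'")) return false;
  const objectSrc = policy.get('object-src') ?? policy.get('default-src');
  if (!objectSrc || !hasKeyword(objectSrc, "'none'")) return false;
  const baseUri = policy.get('base-uri');
  if (!baseUri) return false;
  return hasKeyword(baseUri, "'none'") || hasKeyword(baseUri, "'self'");
}

// `headers` is the nested navigation's response headers as [name, value] pairs.
// A browser enforces every CSP header it receives, so one policy that meets
// the bar is enough for the document to count as injection-mitigated.
function isInjectionMitigated(headers) {
  return headers
    .filter(([name]) => name.toLowerCase() === 'content-security-policy')
    .map(([, value]) => parseCsp(value))
    .some(policyMeetsBar);
}

// The embedder-side decision: block the nested navigation only when the
// embedder asserted require-injection-mitigation and the response falls short.
function shouldBlockNestedNavigation(embedderRequiresMitigation, headers) {
  if (!embedderRequiresMitigation) return false;
  return !isInjectionMitigated(headers);
}

// Constructed sample responses for a framed document.
const STRICT_RESPONSE = [
  ['Content-Type', 'text/html'],
  ['Content-Security-Policy',
    "script-src 'nonce-r4nd0m' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'; base-uri 'none'"],
];
const ALLOWLIST_RESPONSE = [
  ['Content-Type', 'text/html'],
  ['Content-Security-Policy', "script-src 'self' https://cdn.example; object-src 'none'"],
];
const NO_CSP_RESPONSE = [['Content-Type', 'text/html']];

console.log(shouldBlockNestedNavigation(true, STRICT_RESPONSE));     // false: admitted
console.log(shouldBlockNestedNavigation(true, ALLOWLIST_RESPONSE));  // true: blocked
console.log(shouldBlockNestedNavigation(true, NO_CSP_RESPONSE));     // true: blocked
console.log(shouldBlockNestedNavigation(false, NO_CSP_RESPONSE));    // false: no assertion
```

An allowlist-only policy is rejected on purpose: host allowlists are bypassable in practice, which is why the assumed bar insists on nonces or hashes plus `'strict-dynamic'`. Trusted Types and other mitigations could be folded into `policyMeetsBar` the same way once the actual bar is settled.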
Hey Anne! I'm archiving this repo, but pushed the injection discussion out to https://mikewest.github.io/injection-mitigated/ where I'm (slowly) noodling on things. My current take is that injection mitigation is intrinsically tied to a given environment, and there's less value in enforcing the transitivity we discussed here when considering the exposure of a given IDL construct.