[cryptography] How to safely produce web pages from multiple sources?

James A. Donald jamesd at echeque.com
Tue Aug 28 21:33:55 EDT 2012

Suppose your web page incorporates some content from another url, a not 
altogether trusted url.  Let us call this other url Malloc.  You, the 
owner of the website and the author of the main part of the web page are 
Bob, the browser is being viewed by Carol, and you incorporate content 
from Malloc that you hope is innocent, but may not be.

How does Bob make sure his web page cannot have its secrets leaked, nor 
can the content that Bob intends to control be controlled by Malloc, so 
that Malloc cannot man-in-the-middle, cannot spy on, nor change, the 
conversation between Bob and Carol, cannot lead Carol to think Bob said 
something different from that which he intended to say, nor lead Bob to 
think that Carol clicked on something other than that which she clicked on?

More information about the cryptography mailing list