[cryptography] How to safely produce web pages from multiple sources?
James A. Donald
jamesd at echeque.com
Tue Aug 28 21:33:55 EDT 2012
Suppose your web page incorporates some content from another url, a not
altogether trusted url. Let us call this other url Malloc. You, the
owner of the website and the author of the main part of the web page are
Bob, the browser is being viewed by Carol, and you incorporate content
from Malloc that you hope is innocent, but may not be.
How does Bob make sure his web page cannot have its secrets leaked, nor
can the content that Bob intends to control be controlled by Malloc, so
that Malloc cannot man-in-the-middle, cannot spy on, nor change, the
conversation between Bob and Carol, cannot lead Carol to think Bob said
something different from that which he intended to say, nor lead Bob to
think that Carol clicked on something other than that which she clicked on?
More information about the cryptography