[cryptography] How to safely produce web pages from multiple sources?

Natanael natanael.l at gmail.com
Tue Aug 28 22:10:27 EDT 2012


Isn't the standard answer to always verify, verify, verify? Make sure you
only accept some types of data from Malloc and verify it *can't* do strange
crap. Also, read up on XSS prevention and all that.

BTW, it doesn't have to be done in the browser. You can do it server side,
although it will increase your traffic, CPU and memory load.

On Wed, Aug 29, 2012 at 3:33 AM, James A. Donald <jamesd at echeque.com> wrote:

> Suppose your web page incorporates some content from another url, a not
> altogether trusted url.  Let us call this other url Malloc.  You, the owner
> of the website and the author of the main part of the web page are Bob, the
> browser is being viewed by Carol, and you incorporate content from Malloc
> that you hope is innocent, but may not be.
>
> How does Bob make sure his web page cannot have its secrets leaked, nor
> can the content that Bob intends to control be controlled by Malloc, so
> that Malloc cannot man-in-the-middle, cannot spy on, nor change, the
> conversation between Bob and Carol, cannot lead Carol to think Bob said
> something different from that which he intended to say, nor lead Bob to
> think that Carol clicked on something other than that which she clicked on?
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
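
One way to do the server-side check suggested in the reply above, shown as an added example that is not part of the original thread: Bob passes Malloc's markup through an allowlist that keeps a few formatting tags, drops every attribute except a vetted `href`, and re-escapes all text. The tag list, the link policy and the names `AllowlistSanitizer`, `sanitize` and `SAMPLE` are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = set("p br b i em strong ul ol li blockquote code a".split())  # constructed policy
DROP_WITH_BODY = {"script", "style"}        # remove the element and its contents
SAFE_PREFIXES = ("http://", "https://")     # absolute links only; others lose href


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], False

    def handle_starttag(self, tag, attrs):
        self.skip |= tag in DROP_WITH_BODY
        if self.skip or tag not in ALLOWED_TAGS:
            return
        attr_text = ""      # every attribute is dropped except a vetted href
        if tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            if href.lower().startswith(SAFE_PREFIXES):
                attr_text = f' href="{escape(href, quote=True)}" rel="nofollow noopener"'
        self.out.append(f"<{tag}{attr_text}>")
        if tag != "br":     # br is void and never gets a closing tag
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = False
        elif not self.skip and tag in self.open_tags:
            # Close the innermost matching tag and anything still open inside it.
            cut = len(self.open_tags) - 1 - self.open_tags[::-1].index(tag)
            self.out.extend(f"</{t}>" for t in reversed(self.open_tags[cut:]))
            del self.open_tags[cut:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped


def sanitize(untrusted_html):
    parser = AllowlistSanitizer()
    parser.feed(untrusted_html)
    parser.close()          # flush buffered trailing text
    parser.out.extend(f"</{t}>" for t in reversed(parser.open_tags))  # balance open tags
    return "".join(parser.out)


# Constructed sample of hostile third-party markup.
SAMPLE = ('<p onclick="steal()">Hi <b>there</b><script>alert(1)</script> '
          '<a href="javascript:alert(1)">x</a> '
          '<a href="https://example.com/page">ok</a><img src=x onerror=alert(1)>')
```

Because the output is rebuilt only from allowlisted pieces, markup the parser does not recognise is dropped or escaped rather than passed through.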