[cryptography] How to safely produce web pages from multiple sources?

Ben Laurie ben at links.org
Tue Aug 28 23:13:43 EDT 2012


On Wed, Aug 29, 2012 at 2:33 AM, James A. Donald <jamesd at echeque.com> wrote:
> Suppose your web page incorporates some content from another url, a not
> altogether trusted url.  Let us call this other url Malloc.  You, the owner
> of the website and the author of the main part of the web page are Bob, the
> browser is being viewed by Carol, and you incorporate content from Malloc
> that you hope is innocent, but may not be.
>
> How does Bob make sure his web page cannot have its secrets leaked, nor can
> the content that Bob intends to control be controlled by Malloc, so that
> Malloc cannot man-in-the-middle, cannot spy on, nor change, the conversation
> between Bob and Carol, cannot lead Carol to think Bob said something
> different from that which he intended to say, nor lead Bob to think that
> Carol clicked on something other than that which she clicked on?

Caja: http://code.google.com/p/google-caja/.

> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography



More information about the cryptography mailing list