[cryptography] How to safely produce web pages from multiple sources?
ben at links.org
Wed Aug 29 06:16:44 EDT 2012
On Wed, Aug 29, 2012 at 9:31 AM, James A. Donald <jamesd at echeque.com> wrote:
> On Wed, Aug 29, 2012 at 2:33 AM, James A. Donald <jamesd at echeque.com> wrote:
>>> Suppose your web page incorporates some content from
>>> another url, a not altogether trusted url. Let us call
>>> this other url Malloc. You, the owner of the website and
>>> the author of the main part of the web page are Bob, the
>>> browser is being viewed by Carol, and you incorporate
>>> content from Malloc that you hope is innocent, but may not
>>> How does Bob make sure his web page cannot have its
>>> secrets leaked, nor can the content that Bob intends to
>>> control be controlled by Malloc, so that Malloc cannot
>>> man-in-the-middle, cannot spy on, nor change, the
>>> conversation between Bob and Carol, cannot lead Carol to
>>> think Bob said something different from that which he
>>> intended to say, nor lead Bob to think that Carol clicked
>>> on something other than that which she clicked on?
> On 2012-08-29 1:13 PM, Ben Laurie wrote:
>> Caja: http://code.google.com/p/google-caja/.
> So Bob's server gets a page from Malloc's server, vanillizes it using Caja,
> and serves Carol with Bob's content combined with vanilla Malloc content.
> Or does Bob's web page running on Carol's machine download a page from
> Malloc's server, and caja-ize Malloc's page on Carol's machine before
> permitting it to run on Carol's machine inside the context controlled by
There's nothing to prevent the latter, in theory, but the current
implementation runs on Bob's server.

Not sure "vanillizes" is the right term (we say "cajoles", btw) - Caja
allows the cajoled page to do pretty much everything an uncajoled page
can - the interesting part is that Bob's page gets to create a sandbox
for Carol's cajoled page to run in.