[cryptography] How to safely produce web pages from multiple sources?

Ben Laurie ben at links.org
Wed Aug 29 06:16:44 EDT 2012


On Wed, Aug 29, 2012 at 9:31 AM, James A. Donald <jamesd at echeque.com> wrote:
> On Wed, Aug 29, 2012 at 2:33 AM, James A. Donald <jamesd at echeque.com> wrote:
>>> Suppose your web page incorporates some content from
>>> another url, a not altogether trusted url.  Let us call
>>> this other url Malloc.  You, the owner of the website and
>>> the author of the main part of the web page are Bob, the
>>> browser is being viewed by Carol, and you incorporate
>>> content from Malloc that you hope is innocent, but may not
>>> be.
>>>
>>> How does Bob make sure his web page cannot have its
>>> secrets leaked, nor can the content that Bob intends to
>>> control be controlled by Malloc, so that Malloc cannot
>>> man-in-the-middle, cannot spy on, nor change, the
>>> conversation between Bob and Carol, cannot lead Carol to
>>> think Bob said something different from that which he
>>> intended to say, nor lead Bob to think that Carol clicked
>>> on something other than that which she clicked on?
>
> On 2012-08-29 1:13 PM, Ben Laurie wrote:
>> Caja: http://code.google.com/p/google-caja/.
>
> So Bob's server gets a page from Malloc's server, vanillizes it using Caja,
> and serves Carol with Bob's content combined with vanilla Malloc content.
>
> Or does Bob's web page running on Carol's machine download a page from
> Malloc's server, and caja-ize Malloc's page on Carol's machine before
> permitting it to run on Carol's machine inside the context controlled by
> Bob.

There's nothing to prevent the latter, in theory, but the current
implementation runs on Bob's server.

Not sure "vanillizes" is the right term (we say "cajoles", btw) - Caja
allows the cajoled page to do pretty much everything an uncajoled page
can - the interesting part is that Bob's page gets to create a sandbox
for Carol's cajoled page to run in.
