Realm, schmealm!

Brendan Eich brendan at mozilla.com
Thu Aug 1 14:22:14 PDT 2013


Boris Zbarsky wrote:
> On 8/1/13 4:27 PM, Brendan Eich wrote:
>> Ok, but Hixie was contrasting with a process-isolated implementation.
>
> Hixie is suggesting process-isolating iframes that are not same-origin 
> to start with and can't be made same-origin via document.domain.
>
> He is not suggesting process-isolating iframes which might ever become 
> same-origin.
>
> So his proposed implementation gives good defence in depth for things 
> that are completely different origins and always will be, but does 
> nothing for protecting mail.google.com from calendar.google.com, say, 
> compared to the current situation.

For those two to join origins, they'd need to be reachable, which means 
loaded in related window/iframe(s) and/or visible by the ancestor-rule 
to window.open. So that helps a bit -- disjoint constellations that 
cannot be connected can be process-isolated from the get-go, even if 
their origins are subdomains of a common super-origin.

I'm not sure what the threat is, if any. Still seems kind of hinky.

As a spec, it indeed looks like pave-the-whack-a-mole-paths. Can we do 
better? My attempt to throw a net over Apple and Microsoft folks here 
has so far caught no fish. :-P

/be

