brendan at mozilla.com
Thu Aug 1 14:22:14 PDT 2013
Boris Zbarsky wrote:
> On 8/1/13 4:27 PM, Brendan Eich wrote:
>> Ok, but Hixie was contrasting with a process-isolated implementation.
> Hixie is suggesting process-isolating iframes that are not same-origin
> to start with and can't be made same-origin via document.domain
> He is not suggesting process-isolating iframes which might ever become
> So his proposed implementation gives good defence in depth for things
> that are completely different origins and always will be, but does
> nothing for protecting mail.google.com from calendar.google.com, say,
> compared to the current situation.
For those two to join origins, they'd need to be reachable, which means
loaded in related window/iframe(s) and/or visible by the ancestor-rule
to window.open. So that helps a bit -- disjoint constellations that
cannot be connected can be process-isolated from the get-go, even if
their origins are subdomains of a common super-origin.

I'm not sure what the threat is, if any. Still seems kind of hinky.

As a spec, it indeed looks like pave-the-whack-a-mole-paths. Can we do
better? My attempt to throw a net over Apple and Microsoft folks here
has so far caught no fish. :-P