[cap-talk] Comments Sought on Mozilla's SSP
Toby Murray
toby.murray at comlab.ox.ac.uk
Sat Jun 7 02:03:06 CDT 2008
>From slashdot
http://it.slashdot.org/article.pl?sid=08/06/06/1710212&from=rss
> Mozilla has opened comments for an new experimental browser security
> initiative, dubbed Site Security Policy (SSP), designed to protect
> against XSS, CSRF, and malware-laced IFRAME attacks The prototype
> Firefox SSP add-on aims to provide website owners with granular
> control over what the third-party content they include is allowed to
> do and where its supposed to originate.
This appears to be "solving the mashup problem with ACLs". I was hoping
one of the Caja guys might write them some comments that sugest a
simpler, more usable and more flexible solution to the same problem.
More information about the cap-talk
mailing list