The goal of this feature is to automatically protect users from reflected XSS attacks. Characteristics:
* The filter should have low overhead. We are currently implementing it in plain C++, avoiding XPCOM calls where possible.
* The filter should have almost no false positives (that is, it should not break existing websites in the absence of an actual attack).
* The filter should not rely on user input. A false positive cannot be considered a "minor annoyance" just because the user can be shown a dialog to decide whether to actually block the script. In fact, if the filter is compatible enough, it should not be easily disabled.
* The filter should not introduce new vulnerabilities in existing websites (i.e. universal XSS a la IE8).