Firefox/Projects/Binding for untrusted text in security dialogs: Difference between revisions
Latest revision as of 19:31, 26 October 2009
Summary
Design and implement a common way for security dialogs to include untrusted text without compromising the rest of the dialog. The implementation might take the form of an XBL binding.
Current Status
A private page describes some of the attacks we would like to defend against and contains a partial list of security dialogs in Firefox. It is clear that, given the number of attacks and the number of dialogs, ad-hoc checks are doomed to failure.
Next Steps
Related Bugs
Team
- Project Lead: Blair (Unfocused)
- Alternate Contact: Johnath
- Initiator: jesse
Designs
Goals/Use Cases
- Defend against attacks where site-supplied text breaks other parts of security dialogs.
Non Goals
- Defend against sites supplying sentences (except perhaps by setting site-supplied text apart visually).
- Defend against "badgering" attacks.
- Save the world from scareware.