Web browser security is broken. Completely shattered.
Here are 3 web browser security enhancements I’d like to see. The sooner the better.
1) Restrict websites with public IPs from including content from websites with non-routable IP addresses (RFC 1918)
2) Browser integration of Secure Cache, Safe History, and Netcraft’s anti-XSS URL features in their toolbar
The name says it all. These are excellent extensions that provide a good amount of security all users can benefit from. Collin Jackson, Andrew Bortz, Dan Boneh, and John Mitchell from Stanford and the guys from Netcraft did a great job. I don’t know what Mozilla’s policy is on this kind of thing, but this is one they should definitely consider building in by default. Another feature I’d like to see is restriction of any non-alphanumeric character in the fragment portion of the URL, designed to stop DOM-based XSS and UXSS.
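The first proposal and the fragment restriction above both reduce to a check a browser could run before loading content. The sketch below is an added example, not code from this post or from any browser; the function names are hypothetical, the addresses are constructed samples, and it handles IPv4 only.

```javascript
// Added illustration of two checks proposed in this post; all names are hypothetical.

// Parse a dotted-quad IPv4 string into an unsigned 32-bit number, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// RFC 1918 private ranges as [network address, prefix length].
const RFC1918 = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];

function isRfc1918(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return false;
  return RFC1918.some(([net, bits]) => {
    const base = ipv4ToInt(net);
    return n >= base && n < base + 2 ** (32 - bits);
  });
}

// Proposal 1: a page served from a public address may not include content
// from an RFC 1918 address. Private-to-private and public-to-public are allowed.
// Unparsable input (including IPv6, which this sketch does not cover) is denied.
function allowInclude(pageIp, resourceIp) {
  if (ipv4ToInt(pageIp) === null || ipv4ToInt(resourceIp) === null) return false;
  return isRfc1918(pageIp) || !isRfc1918(resourceIp);
}

// Fragment restriction: accept a URL only when everything after the first "#"
// is empty or strictly alphanumeric. The raw string is checked so that no
// parser normalisation can hide a character.
function fragmentAllowed(url) {
  const i = url.indexOf("#");
  return i === -1 || /^[A-Za-z0-9]*$/.test(url.slice(i + 1));
}
```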
Content-Restrictions. Are we there yet?