Web browser security is broken. Completely shattered.
Here are 3 web browser security enhancements I’d like to see. The sooner the better.
1) Restrict websites with public IPs from including content from websites with non-routable IP addresses (RFC 1918)
2) Browser integration of Secure Cache, Safe History, and Netcraft’s anti-XSS URL features in their toolbar
The name says it all. These are excellent extensions that provide a good amount of security all users can benefit from. Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell from Stanford and the guys from Netcraft did a great job. I don’t know what Mozilla’s policy is on this kind of thing, but this is one they should definitely consider building in by default. Another feature I’d like to see is a restriction on any non-alphanumeric character in the fragment portion of the URL. This is designed to stop DOM-based XSS and UXSS.
Content-Restrictions. Are we there yet?
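To make the two proposals above concrete, here is an added example (not code from the original post or from any browser) of how a browser-side policy layer might evaluate them: a check that a page served from a public address is not allowed to embed a subresource from an RFC 1918 address, and a check that a URL fragment contains only alphanumeric characters. Function names and the literal-IP-only scope are assumptions of this example; a real implementation would have to apply the first rule to the addresses the hostnames actually resolve to.

```javascript
// Added example, not part of the original post. Models the two enhancements
// the post asks for as standalone checks over URLs.

// Parse a dotted-quad IPv4 literal into four octets, or return null.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.some(o => o > 255) ? null : octets;
}

// RFC 1918 private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
// Hostnames that are not IPv4 literals are treated as public here (assumption).
function isRfc1918(host) {
  const o = parseIPv4(host);
  if (!o) return false;
  if (o[0] === 10) return true;
  if (o[0] === 172 && o[1] >= 16 && o[1] <= 31) return true;
  if (o[0] === 192 && o[1] === 168) return true;
  return false;
}

// Rule 1: a page on a public address may not include content from an
// RFC 1918 address. Pages already on a private address are unaffected.
function allowedUnderRule1(pageUrl, resourceUrl) {
  const pagePrivate = isRfc1918(new URL(pageUrl).hostname);
  const resourcePrivate = isRfc1918(new URL(resourceUrl).hostname);
  return pagePrivate || !resourcePrivate;
}

// Rule 2: the fragment (text after '#') may contain only [A-Za-z0-9].
// The URL parser percent-encodes characters such as '<' and '>' in the
// fragment, and '%' is itself non-alphanumeric, so those still fail.
function fragmentIsAlphanumeric(url) {
  const fragment = new URL(url).hash.slice(1); // drop the leading '#'
  return /^[A-Za-z0-9]*$/.test(fragment);
}

// Constructed sample inputs showing both rules in action.
const samples = [
  ['http://203.0.113.10/', 'http://192.168.1.1/admin'],      // public -> private: blocked
  ['http://203.0.113.10/', 'http://203.0.113.11/logo.png'],  // public -> public: allowed
  ['http://192.168.1.5/', 'http://192.168.1.1/status'],      // private -> private: allowed
];
for (const [page, res] of samples) {
  console.log(`${page} -> ${res}: ${allowedUnderRule1(page, res) ? 'allow' : 'block'}`);
}
for (const u of ['http://example.com/#section1', 'http://example.com/#<img src=x>']) {
  console.log(`${u}: fragment ${fragmentIsAlphanumeric(u) ? 'ok' : 'rejected'}`);
}
```

The second commenter's objection below applies directly to `fragmentIsAlphanumeric`: any application that serialises state into the fragment with separators such as `=` or `&` would be rejected by this rule as written.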
> "I’d like to see is restriction of any non-alphanumeric character in the fragment portion of the URL."
Oh, I wouldn't like that. Fragment is a great way to store state of "AJAX" applications in URL (so it can be saved in a bookmark, shared, etc.)
To store state you would need more than alpha-numeric characters? Especially meaning like > and < for example?
Browsers do too much. They're like a little OS inside the OS now, and they're being beaten up badly. Basically being kicked in the head while they're already curled up in the fetal position on the ground out cold. I'd love to see browsers take about 10 steps back and move away from "do all be all every function you can imagine" tools.
Sadly, that may never happen, but I like your list in this post. These are very doable things for every browser vendor with these issues.
It certainly seems that way, and your example isn't too far off. I guess that's why we have the new buzzword WebOS being carried about.