The contained page still has a number of options for annoying or malicious behavior: autoplaying video, plugins, and popups are the tip of the iceberg. The separation isn't truly robust, however. The framed content won't have access to your page's DOM, or data you've stored locally, nor will it be able to draw to arbitrary positions on the page it's limited in scope to the frame's outline. Loading some untrusted component in an iframe provides a measure of separation between your application and the content you'd like to load. Iframe elements are the first step toward a good framework for such a solution. It simply won't have access to the functionality in the first place. The result is that we no longer have to blindly trust that some piece of embedded content won't take advantage of privileges it shouldn't be using. We're as secure as we can be if we follow the principle of least privilege, and block each and every feature that isn't directly relevant to functionality we'd like to use. If it doesn't require Flash, turning off plugin support shouldn't be a problem. If a widget doesn't need to pop up a new window, taking away access to window.open can't hurt. In essence, we're looking for a mechanism that will allow us to grant content we embed only the minimum level of capability necessary to do its job. There are times when it would be useful to say "I'm not sure I actually trust this source of content, but it's soooo pretty! Embed it please, Browser, but don't let it break my site." Least Privilege # This is a major step in the right direction, but it's worth noting that the protection that most CSP directives offer is binary: the resource is allowed, or it isn't. Each widget that you embed - every ad, every social media widget - is a potential attack vector for those with malicious intent:Ĭontent Security Policy (CSP) can mitigate the risks associated with both of these types of content by giving you the ability to whitelist specifically trusted sources of script and other content. Abstaining from either isn't really an option, but both increase the risk that Something Bad™ could happen on your site. Third-party widgets can drive engagement and play a critical role in the overall user experience, and user-generated content is sometimes even more important than a site's native content. Constructing a rich experience on today's web almost unavoidably involves embedding components and content over which you have no real control.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |