O'Reilly logo

The Tangled Web by Michal Zalewski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 12. Other Security Boundaries

All previously described origin-level content-isolation policies, and the accompanying context inheritance and document navigation logic, work hand in hand to form the bulk of the browser security model. Impenetrable and fragile, that model is also incomplete: A handful of interesting corner cases completely escape any origin-based frameworks.

The security risks associated with these corner cases can’t be addressed simply by fine-tuning the mechanisms discussed earlier in this book. Instead, additional, sometimes hopelessly imperfect security boundaries need to be created from scratch. These new boundaries may, for example, further restrict the ability of rogue web pages to navigate to certain URLs.

This chapter ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required