-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CREDENTIAL: Generic matching algorithm #4
Comments
Before I skim in more detail, would you mind rebasing on top of master? This patch doesn't cleanly apply locally. |
(Also, thanks for taking a stab at this!) |
From @adrianhopebailie on April 23, 2015 9:16
@mikewest Not sure why, I mistakenly committed my .gitignore but have reverted that. The changes are only in index.src.html and were on top of the latest from master. My git-fu is pretty basic, any suggestions on how to fix this? |
Something like the above should do the trick! :) |
From @adrianhopebailie on April 23, 2015 10:43 Done. Mixing and matching betwen the GUI tool and command line is a mistake! This was my first adventure into writing WebIDL definitions so there may be some tweaks required however I think it get's the genera; gist across. I'll add an example of using a custom credential (defined in script) later today as I think that will truly illustrate the reasons for the change. |
Thanks for the PR! I've left a number of comments. I'm fine with the central suggestion of exposing the matching algorithm, as that seems to allow some extensibility. However, I don't like the fact that this makes the use cases the document actually intends to address more complex. Especially in the case of It's also not clear to me that Does "filtering" fit into @dlongley's modeling of the world? It's not clear that it does. |
From @adrianhopebailie on April 27, 2015 20:23 @mikewest I've been poring over this and I have come to conclusion that it won't work... The issue is that trying to create something extensible to the developer means creating a callback that could potentially open a security hole since the code is defined and executed against the DOM. A |
What's the threat model you're worried about? If an attacker can define an arbitrary callback, they can already execute arbitrary code in your origin, can't they? |
From @adrianhopebailie on April 28, 2015 14:41 Again, I may be showing my ignorance wrt the differentiation between the execution context of code behind a browser API vs that defined on the DOM within client scripts. My proposal was for the site to provide a script that defines a custom I like the idea of the extensibility you get from encapsulating the filtering logic in that function but don't really understand enough about the line between the two execution contexts within the browser to add anything more to this proposal. |
From @adrianhopebailie on April 22, 2015 23:25
This change updates the model for
Credential
to include anisMatch()
function hook which is called during processing of the Credential request algorithm. The hook can be overridden by developers designing their ownCredential
classes in script therefor making the API flexible and extensible through ECMAScript.Resolves #274
Copied from original issue: w3c/webappsec/pull/292
The text was updated successfully, but these errors were encountered: