random thoughts, formed in the twisted mind of a coder...
# Tuesday, 04 August 2009

As you can read in some of my articles (like JavaScript Injection), browsers continue to have security issues even though they comply with the web standards.

This says something about the users using them, but also about the standards.
What amazes me is that no HTML element is defined that locks an HTML page against being altered.

As a lot of pages don't need to be dynamically updated by Ajax or any form of scripting, it should be possible for such a page to be locked. When a page is locked, the browser must prevent any updates to the (rendered) source. So no elements may be created, altered or deleted, and the same goes for the element attributes.

Even better would be if sections of a page could be locked individually, for example by using a `<locked></locked>` element. Nothing inside the locked element can have any DOM alterations. That way, even a page which does use Ajax or any form of dynamic scripting can secure itself by locking portions of the page, controlling which parts of the document can be altered and which parts cannot.

The DOM must be restricted in such a way that a locked element can never be deleted.
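A sketch of the rules described above, as an added example that is not part of the original post: a toy tree model in JavaScript (the `ElementModel` class and its method names are assumptions, not a browser API) in which a locked element, its content and its attributes refuse changes. It also covers a case the deletion rule implies: removing an unlocked ancestor is refused when that would take a locked element with it.

```javascript
// Toy tree model, constructed for illustration; it is not a browser DOM.
class ElementModel {
  #locked = false; // private, so script has no way to clear it
  constructor(tag) {
    Object.assign(this, { tag, parent: null, children: [], attributes: new Map() });
  }
  lock() { this.#locked = true; return this; } // one-way, set once parsing is done
  // True if this element is a locked element or sits inside one.
  isProtected() {
    for (let n = this; n; n = n.parent) if (n.#locked) return true;
    return false;
  }
  // True if this element or any descendant is a locked element.
  containsLocked() {
    return this.#locked || this.children.some((c) => c.containsLocked());
  }
  guard(action) {
    if (this.isProtected()) throw new Error(`${action} refused: <${this.tag}> is locked`);
  }
  setAttribute(name, value) { this.guard("setAttribute"); this.attributes.set(name, value); }
  appendChild(child) {
    this.guard("appendChild");
    if (child.parent) child.parent.removeChild(child); // a move is also a removal
    child.parent = this;
    this.children.push(child);
    return child;
  }
  removeChild(child) {
    this.guard("removeChild");
    const i = this.children.indexOf(child);
    if (i < 0) throw new Error("removeChild refused: not a child of this element");
    // Removing an unlocked ancestor would take the locked element with it.
    if (child.containsLocked()) throw new Error(`removeChild refused: <${child.tag}> holds a locked element`);
    this.children.splice(i, 1);
    child.parent = null;
    return child;
  }
}

// Constructed sample: body > div (dynamic), body > section > locked > form
function buildSamplePage() {
  const body = new ElementModel("body");
  const news = body.appendChild(new ElementModel("div"));
  const section = body.appendChild(new ElementModel("section"));
  const locked = section.appendChild(new ElementModel("locked"));
  const form = locked.appendChild(new ElementModel("form"));
  form.setAttribute("action", "/transfer");
  locked.lock(); // parser finished: enforcement starts here
  return { body, news, section, locked, form };
}
```

The unlocked `div` stays fully scriptable, while every path to changing or removing the `form` (direct edit, move, removal of the locked element or of its `section` ancestor) throws.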

As far as my understanding goes, it would be fairly simple to implement such an element in the HTML and XML DOM, and it would make all compliant browsers a lot safer.

You might even consider online banking again... ;-)

Tuesday, 04 August 2009 15:49:23 (W. Europe Daylight Time, UTC+02:00)
Script and HTML | Security
© Copyright 2017
Martijn Thie