Updates and one thing to keep an eye on

js-shield

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Updates and one thing to keep an eye on

From:	Giorgio Maone
Subject:	Updates and one thing to keep an eye on
Date:	Thu, 4 Mar 2021 23:06:04 +0100
User-agent:	None of Your Business 1.0

Hi folks,

I've been working on the workers (!) problem
https://github.com/polcak/jsrestrictor/issues/56 this week, and it's
pretty hairy indeed, especially if we need to patch
ServiceWorkerGlobalScope: no way to do it in Chromium other than maybe
warning the users and let them decide whether taking the risk or cripple
the site, and a quite invasive hack in Firefox, by using
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/filterResponseData

I've just commented on the dynamic content scripts bug advocating for
our cause: https://bugs.chromium.org/p/chromium/issues/detail?id=1054624#c19

Another thing to keep an eye on is this paper which will be presented in
August at the USENIX Security Symposium:

https://orenlab.sise.bgu.ac.il/p/PP0

It seems an attack against our own threat model entirely in CSS, with no
JS :(

Best,

-- 
Giorgio Maone
https://maone.net

[Prev in Thread]

Current Thread

[Next in Thread]

Updates and one thing to keep an eye on, Giorgio Maone <=

Prev by Date: Work on docs
Next by Date: Re: Work on docs
Previous by thread: Work on docs
Next by thread: Development meeting notes march 5
Index(es):
- Date
- Thread