On 9/4/07, Bryan Tong Minh bryan.tongminh@gmail.com wrote:
I still don't see how this javascript proxy adds extra vulnerabilities.
[snip]
It does if it's a pure proxy with no access control because I could say "Hey, Bryan load http://commons.wikimedia.org/w/api.php?tsproxy=~evil/evil.js ".. and you follow the link and evil js happily steals your session cookie and begins to replace every image with goatse.
For a proxy to present no additional security holes over what we have today it would have to be limited to only work on sysop approved URLs.
I got the impression from Domas that what we have today isn't considered very good... but can't make a hard-security improvement on it unless we disable JS editing by sysops, which would result in a substantial loss of functionality and development resources.
It seems to me that a proxy with an access control list would actually improve security since there would be a single point to look to see what external scripts can be imported... rather than trying to track down all the places in the site JS where it's being accomplished via script tag injection.
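As an added example (not code from this thread or from MediaWiki), here is the kind of allowlist check such a proxy endpoint would need before fetching anything: the requested URL is canonicalized and then compared by exact match against a sysop-maintained list, so that open-proxy behaviour is never possible. The approved URLs below are constructed sample values.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample allowlist: external scripts a sysop has approved for import.
# Entries are stored in the same canonical form that canonicalize() produces.
APPROVED_SCRIPTS = {
    "https://tools.example.org/gadgets/hotcat.js",
    "https://tools.example.org/gadgets/twinkle.js",
}


def canonicalize(url: str):
    """Return a canonical form of url, or None if it is not a plain https URL.

    Rejects userinfo (https://approved.host@other.host/), non-https schemes and
    non-default ports, and drops the fragment, so that the allowlist comparison
    is an exact string match on a normalized value rather than a substring or
    prefix test that could be worked around.
    """
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:  # urlsplit lowercases the scheme
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if port not in (None, 443):
        return None
    path = parts.path or "/"
    # parts.hostname is already lowercased by urlsplit; the fragment is not sent
    # to the origin server, so it is discarded rather than compared.
    return urlunsplit(("https", parts.hostname, path, parts.query, ""))


def is_allowed(requested_url: str) -> bool:
    """True only if the request names an approved script exactly."""
    canon = canonicalize(requested_url)
    return canon is not None and canon in APPROVED_SCRIPTS


def proxy_decision(requested_url: str):
    """What the proxy endpoint should do: (403, reason) or (200, canonical target)."""
    canon = canonicalize(requested_url)
    if canon is None or canon not in APPROVED_SCRIPTS:
        return 403, "script not on the sysop-approved list"
    return 200, canon
```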