This project is read-only.

Javascript extensibility security risks

Aug 14, 2012 at 11:00 PM

I am concerned that if we let other developers out there in the wild create tools that can call JS from anywhere, that we will never be able to call ourselves secure at any level. Suppose that a developer creates a tool that has a useful function, but along side that function, the tool also sends the sites information back to his servers. This would in effect mean that that dev would have access to any and all information the user enters into the system.

How are we going to prevent that?

  • Can we sandbox the code coming from outside devs?
  • Do we review all tools before making them available to the public?
  • Are we going to take responsibility for ensuring that the JS doesn't behave badly?
Aug 16, 2012 at 7:24 PM

Google Chrome's approach is to notify the user when they are installing an extension as to which extensibility points the extension will use. "Access all your data" etc. Facebook does something similar. "Access your pictures and your friends pictures"