|
|
|
|
|
|
by tptacek
5097 days ago
|
|
|
Yes! This is a great paper which made surprisingly little noise given how important it is. The idea is: stipulate that no attacker can ever inject Javascript into a browser. Assume we solve that problem completely. Now, how secure are DOM-based applications? Turns out: not that much more secure. Lots of very clever examples. |
|
|