I’ve written about Same Origin Policy a bunch over the years, with a blog series mapping it to the Read/Write/Execute mental model. More recently, I wrote about why Content-Type headers matter for same-origin-policy enforcement. I’ve just read a great paper on cross-origin infoleaks and current/future mitigations. If you’re interested in browser security, it’s definitely worth a read.
Tag Archives: standards
Building the moarTLS Analyzer
I’m passionate about building tools that help developers and testers discover, analyze, and fix problems with their sites. Some of the first code I ever released was a set of trivial JavaScript-based browser extensions for IE5. I later used the more powerful COM-based extensibility model to hack together some add-ons that would log ActiveX controls… Continue reading “Building the moarTLS Analyzer”
HTTP Caching Public Service Announcement
There are many interesting things to say about HTTP caching, and I’ve blogged about them a lot in the past. Today’s public service announcement clears up two extremely common misconceptions:

1. The no-cache directive does not mean “do not cache” (even though IE versions prior to IE10 implemented it that way). What it really means… Continue reading “HTTP Caching Public Service Announcement”
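To make the distinction concrete, here is an added example (not code from the original post) that interprets a Cache-Control header the way a conforming cache would: no-cache leaves the response storable but requires revalidation with the origin before every reuse, while no-store is the directive that actually forbids storing it. The directive semantics are taken from RFC 9111; the function names, the `sharedCache` option and the sample header values are this example’s own.

```javascript
// Added example, not code from the original post: a small Cache-Control
// interpreter that makes the post's point concrete. "no-cache" leaves the
// response storable but forbids reusing it without first revalidating with
// the origin; "no-store" is the directive that forbids storing it at all.
// Directive semantics follow RFC 9111 (HTTP Caching).

// Parse a Cache-Control header value into a Map of lower-cased directive
// name -> argument string, or null when the directive has no argument.
function parseCacheControl(value) {
  const directives = new Map();
  if (!value) return directives;
  for (const part of value.split(",")) {
    const token = part.trim();
    if (!token) continue;
    const eq = token.indexOf("=");
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    let arg = eq === -1 ? null : token.slice(eq + 1).trim();
    // Strip quoted-string delimiters, e.g. no-cache="Set-Cookie".
    if (arg !== null && arg.length >= 2 && arg.startsWith('"') && arg.endsWith('"')) {
      arg = arg.slice(1, -1);
    }
    directives.set(name, arg);
  }
  return directives;
}

// Decide what a cache may do with a response carrying this Cache-Control
// value. sharedCache=true models a proxy/CDN; false models a browser cache.
function cachePolicy(cacheControl, { sharedCache = false } = {}) {
  const d = parseCacheControl(cacheControl);
  const policy = {
    storable: true,            // may the response be written into the cache at all?
    revalidateEveryUse: false, // must every reuse be checked with the origin first?
    maxAgeSeconds: null,       // explicit freshness lifetime, or null if none was given
    serveStaleAllowed: true,   // may a stale copy be served (e.g. origin unreachable)?
  };

  // no-store forbids storage outright; private does the same for shared caches only.
  // With nothing stored there is nothing to reuse, so every use is a fresh fetch.
  if (d.has("no-store") || (sharedCache && d.has("private"))) {
    policy.storable = false;
    policy.revalidateEveryUse = true;
    policy.serveStaleAllowed = false;
    return policy;
  }

  // no-cache: the response MAY be stored, but MUST be revalidated before each reuse.
  // The field-list form (no-cache="Set-Cookie") only restricts the named headers;
  // this example treats it conservatively as whole-response revalidation.
  if (d.has("no-cache")) {
    policy.revalidateEveryUse = true;
  }

  // must-revalidate (and proxy-revalidate for shared caches) forbids serving a
  // stale copy once the freshness lifetime has elapsed.
  if (d.has("must-revalidate") || (sharedCache && d.has("proxy-revalidate"))) {
    policy.serveStaleAllowed = false;
  }

  // s-maxage overrides max-age for shared caches only.
  const lifetime = sharedCache && d.has("s-maxage") ? d.get("s-maxage") : d.get("max-age");
  if (typeof lifetime === "string" && /^\d+$/.test(lifetime)) {
    policy.maxAgeSeconds = Number(lifetime);
  }
  return policy;
}

// Usage: compare the two directives the post says are commonly confused.
console.log("no-cache:", cachePolicy("no-cache"));
console.log("no-store:", cachePolicy("no-store"));
```

Run it with Node; the first line of output shows `storable: true` together with `revalidateEveryUse: true`, which is exactly the behaviour pre-IE10 got wrong by treating no-cache as if it were no-store. The `sharedCache` switch is there because `private` and `s-maxage` change the answer for a proxy or CDN but not for the browser’s own cache.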
OpenSearch
History

The new UI of Internet Explorer 7 included a dedicated search box adjacent to the address bar, like the then-new Firefox. As IE7 was built between 2004 and 2006, Microsoft didn’t have a very credible entry into the search engine market—Bing wouldn’t appear until 2009. The IE team made a wise decision in support… Continue reading “OpenSearch”