.@estark37 has put together an interesting exploration of isolating web applications for security: https://mikewest.github.io/isolation/explainer.html … Feedback welcome!
hm. what about external links actually pointing back to the isolated origin? Some "external" attribute for <a>?
think reflected XSS triggered via link in user-submitted rich text comment on the same origin
or just reuse rel=noreferrer for this?
basically, an attribute that forces same-origin links to be treated as cross-isolation-context
I think pentesters will search for external links in site-isolated apps. HTTP redirect, oauth redirect, <a href>, ...
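The thread's suggestion of reusing rel=noreferrer to mark same-origin links that should be treated as cross-isolation-context, applied as a server-side step over user-submitted rich text. This is an added example written for this page, not code from the explainer, its authors, or any browser; the origin app.example and the comment fragment are constructed, and whether a browser actually honours the marker depends on the proposal, so the script only applies it and reports what it touched so the remaining (app-authored) same-origin links can be reviewed separately.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def origin_of(url):
    """scheme://host[:port] of an absolute URL, i.e. the browser notion of origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


class LinkTagger(HTMLParser):
    """Re-emit an HTML fragment, adding rel="noreferrer" to every <a> whose
    resolved href lands on the page's own origin. Cross-origin anchors and
    anchors that already carry the marker are passed through untouched."""

    def __init__(self, base_url):
        # convert_charrefs=False so entities in text are re-emitted as written
        super().__init__(convert_charrefs=False)
        self.base_url = base_url
        self.page_origin = origin_of(base_url)
        self.out = []
        self.tagged = []  # hrefs that received the marker

    def _rewrite_anchor(self, attrs):
        href = next((v for k, v in attrs if k == "href"), None)
        if href is None:
            return None
        # Relative and protocol-relative hrefs resolve against the page URL
        if origin_of(urljoin(self.base_url, href)) != self.page_origin:
            return None
        rel_tokens, new_attrs = [], []
        for k, v in attrs:
            if k == "rel":
                rel_tokens = (v or "").split()
            else:
                new_attrs.append((k, v))
        if "noreferrer" in rel_tokens:
            return None
        rel_tokens.append("noreferrer")
        new_attrs.append(("rel", " ".join(rel_tokens)))
        self.tagged.append(href)
        rendered = " ".join(
            k if v is None else f'{k}="{html.escape(v, quote=True)}"'
            for k, v in new_attrs
        )
        return f"<a {rendered}>"

    def handle_starttag(self, tag, attrs):
        rewritten = self._rewrite_anchor(attrs) if tag == "a" else None
        self.out.append(rewritten or self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def tag_same_origin_links(fragment, base_url):
    """Return (rewritten fragment, list of hrefs that were marked)."""
    parser = LinkTagger(base_url)
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.tagged


# Constructed sample: a comment on a hypothetical isolated origin app.example
PAGE_URL = "https://app.example/comments/42"
COMMENT = (
    '<p>See <a href="/profile?name=%3Cscript%3E">my page</a>, '
    '<a href="https://other.example/x">elsewhere</a>, '
    '<a href="//app.example/search" rel="nofollow">search</a> or '
    '<a href="https://app.example/done" rel="noreferrer">done</a>. A &amp; B</p>'
)


def demo():
    return tag_same_origin_links(COMMENT, PAGE_URL)


if __name__ == "__main__":
    rewritten, marked = demo()
    print(rewritten)
    print("marked:", marked)
```

The marker is added at the point user content is stored or rendered, so it applies regardless of which page later embeds the comment; anchors the application itself emits are deliberately left alone, which is why the function also returns what it changed.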