From 2bba18ce298ac74c28ec2d4b30e5897c8a7b01bd Mon Sep 17 00:00:00 2001 From: nejucomo <> Date: Mon, 16 Mar 2009 22:31:31 +0000 Subject: [PATCH] [Imported from Trac: page GSoCIdeas2010, version 18] --- GSoCIdeas2010.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/GSoCIdeas2010.md b/GSoCIdeas2010.md index 8c7c77f..44c2307 100644 --- a/GSoCIdeas2010.md +++ b/GSoCIdeas2010.md 
@@ -14,11 +14,11 @@ What could a smart student do in one summer, if they didn't need to worry about * An interactive tree browser web frontend. * A blog-like app (perhaps addressing tiddly wishlist items) * Port another light-weight server open source web app to Tahoe+javascript (calendar, photo album) - * Fix Same-Origin-Policy design issue. Web content from different authors can interact in unintended ways in the victims browser, such as [JavaScript](JavaScript) iterating over open windows, or peeking at a referrer header. Before this project is undertaken, the problem description and proposed solutions need careful design review and consideration! The solutions should be considered prototypes and should be backwards compatible with the Tahoe network. + * Fix Same-Origin-Policy design issue. Web content from different authors can interact in unintended ways in the victims browser, such as Javascript iterating over open windows, or peeking at a referrer header. Before this project is undertaken, the problem description and proposed solutions need careful design review and consideration! The solutions should be considered prototypes and should be backwards compatible with the Tahoe network. * Domain Mangling approaches: * HTTP proxy approach * Special scheme handling in browser add-ons - * CAJA approach: + * CAJA approach: Require all Javascript to pass the CAJA verifier in the Tahoe web frontend, then create an interface to the tahoe webapi which matches the intended capability semantics. # Mentors Who is willing to spend about five hours a week (according to Google) helping a student figure out how to do it right?
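Review bot: The added "CAJA approach:" line requires all Javascript to "pass the CAJA verifier in the Tahoe web frontend" but does not say what the frontend does with content that fails verification, or with files already stored on the grid. That matters because the parent bullet requires the solutions to be backwards compatible with the Tahoe network. Suggest stating the failure behaviour (for example, serving the file as inert text or refusing to render it) and whether the check applies to existing content. The line also covers only script. Of the two examples in the parent bullet, iterating over open windows is a script capability, but a referrer header is also sent by the browser on ordinary HTML navigation and resource loads, so the text should say whether this approach is meant to address that leak or leaves it to the Domain Mangling approaches. Minor: the rewritten bullet replaces "[JavaScript](JavaScript)" with "Javascript" while "victims browser" still lacks its apostrophe, and the new line mixes "Tahoe" and "tahoe".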