Download now Free registration required
Many web sites embed third-party content in frames, relying on the browser's security policy to protect them from malicious content. Frames, however, are often insufficient isolation primitives because most browsers let framed content manipulate other frames through navigation. The paper evaluates existing frame navigation policies and advocate a stricter policy, which the paper deploys in the open-source browsers. In addition to preventing undesirable interactions, the browser's strict isolation policy also hinders communication between cooperating frames. The paper analyzes two techniques for inter-frame communication.
- Format: PDF
- Size: 3584 KB