
Reading System Security

Open rkwright opened this issue 8 years ago • 2 comments

Aside from the issues of security related to the use of an internal HTTP server in Readium (both 1, and now probably in 2), there are some more general issues related to the use of scripting with a browser engine. The attack vectors include:

  • iframe sandboxing
  • resource domains/origins
  • window.top/parent
  • window.frameElement.ownerDocument.defaultView

@ryanackley wrote a document on these subjects some time ago. The doc is here

rkwright avatar Nov 03 '16 16:11 rkwright

Just to be clear: Ryan wrote another document than the one linked (but I can't find it :)

danielweck avatar Nov 03 '16 16:11 danielweck

A couple of other potentially relevant sources of info from the widget work in EPUB 3.x:

rkwright avatar Nov 03 '16 16:11 rkwright