[转载]JavaScript Breaks Free

文章作者：Markus Jakobsson, Zulfikar Ramzan, and Sid Stamm
原始出处：http://seclab.cs.rice.edu/w2sp/2007/

本文章是Web 2.0 Security & Privacy 2007会议议题。

The web has become richer with content, and a host of technologies are in place to improve
interactivity { whether between the web browser and web server or between the browser and other desktop applications and network devices. Consequently, there is a greater burden on Web scripting languages to not only support this °exibility, but to do so in a way that does not increase new security risks. While the web browser used to have the responsibility of interpreting web languages and displaying the results, we take the position that the environment with which the user interacts with the web is much more complex and the policies governing these boundaries needs to be better understood (and better enforced). There have been a host of powerful attack concepts that trespass the existing loosely protected boundary, and allow the attacker to in