Upload File

cross document messaging, html 5

13
Cross document messaging Kristoffer Snabb

Upload: kristoffer-snabb

Post on 10-May-2015

1.644 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: cross document messaging, html 5

Cross document messaging

Kristoffer Snabb

Page 2: cross document messaging, html 5

Intro

• Cross domain xhr not possible in many cases due to security restrictions

VS.• Hacks and methods developed to be able to

do cross domain messaging

Page 3: cross document messaging, html 5

Classic CSRF

Page 4: cross document messaging, html 5

Link injection

Page 5: cross document messaging, html 5

Solutions to secure websites from CSRF

• Same origin policy in browsers• Web site protection methods– Requiring a secret, user-specific token in all form

submissions and side-effect URLs prevents CSRF; the attacker's site cannot put the right token in its submissions

– Requiring the client to provide authentication data in the same HTTP Request used to perform any operation with security implications (money transfer, etc.)

– Limiting the lifetime of session cookies– Checking the HTTP Referrer header + HTTPS

Page 6: cross document messaging, html 5

How to XHR cross domain?

• Older solutions– JSONP = <script> element and GET requests– Document.domain = (www) example.com– Window.name = ”message to iframe and back”– Server-side proxy = lot of work– Iframe hacks = complex hack– http://easyxdm.net = javascript library using any of the

above• New and beautiful– CORS (w3c working draft)– Cross document messaging (HTML 5)

http://easyxdm.net/
Page 7: cross document messaging, html 5

CORS

Page 8: cross document messaging, html 5

Cross document messaging HTML 5

Page 9: cross document messaging, html 5

Comparison

• Messaging– Client side proxy– Can be made more

complex, client takes the computing overhead

– Requires messaging protocol between the actors (documents)

• Cors– Server side solution– Very simple to

implement, or configure apache to handle CORS

– Only HTTP Requests

Page 10: cross document messaging, html 5

Messaging demo

• Cross document basics

Page 11: cross document messaging, html 5

MessageChannel

• Message channel can be used to create connection between windows

• Avoid conflicts with e.g. two iframes sending messages

• Can be used as an abstraction• But origins are lost using channels and can be

seen as insecure

Page 12: cross document messaging, html 5

Conclusions

• Cross document messaging, requires a lot of implementation

• Lot’s of possibilities on client side• Channel messaging does not work yet• CORS is a viable option

Page 13: cross document messaging, html 5

Articles

• “A Mashup Tool for Cross-Domain Web Applications Using HTML5 Technologies”, Akiyoshi Matono, Akihito Nakamura, and Isao Kojima, 2011

• “Robust Defenses for Cross-Site Request Forgery”, Adam Barth, Collin Jackson, John C. Mitchell, 2008

• “Automatic and Precise Client-Side Protection against CSRF Attacks”, Philippe De Ryck, Lieven Desmet, Wouter Joosen, and Frank Piessens, 2011

• “Securing Frame Communication in Browsers”, By Adam Barth, Collin Jackson, and John C. Mitchell, 2008


Shades of lightweight: Supporting cross- generational ...€¦ · generational communication through home messaging Siân E. Lindley ... including in a cross-generational context

Indian Statistical Institutejammalam.faculty.pstat.ucsb.edu/html/Some Publications... · 2018-05-11 · Indian Statistical Institute Statistical Analysis of Cross-Bedding Azimuths

HTML Introduction to HTML Tags. HTML Document My first HTML document Hello world!

Goizueta Business Library - Simmons Insightsbusiness.library.emory.edu/documents/databases/simmons...consumer messaging, cross-channel marketing, and media planning tactics. Simmons

Cross-Platform Mobile Apps with HTML and PhoneGapgotocon.com/dl/goto-amsterdam-2012/slides/... · Cross-Platform Mobile Apps with HTML and PhoneGap Christophe Coenraets @ccoenraets

HTML. Basic HTML HTML document – HTML headings – to HTML paragraphs – HTML links – HTML images –

Cross-Language Program Slicing for Dynamic Web …ckaestne/pdf/fse15_webslice.pdf · Cross-Language Program Slicing for Dynamic Web Applications ... embedded code: SQL, HTML,

MAC/PHY Cross-Layer Design for Improved Vehicular … Cross-Layer Design for Improved Vehicular Safety Messaging Reliability and Simulation Environment Design By William G. Cassidy

Mobile Frameworks Architecting Cross-Platform · Architecting Cross-Platform Mobile Frameworks. Motivation Two extremes Fully native Fully HTML+JS How can we get the best of both

Robot Web Tools: Efficient Messaging for Cloud Robotics · 2021. 3. 4. · Projects in the space have supported a variety of cross-language and cross-platform tools that promote

HTML BTEC National in Computing Section5. Create Information “HTML: defining HTML, discussing HTML uses and demonstrating HTML basics, HTML structure…

Hybrid Messaging: The future of cross platform messaging | SMS, Voice & Push Combined

SECURITY IN MOBILE MESSAGING · ment of messaging applications and security features through the last 25 years. The main aim of the case is to find a free of charge cross-platform

Script-Free HTML: Preventing Cross-Site Scripting While Permitting

Messaging is an important means of communication between two systems. There are 2 types of messaging. - Synchronous messaging. - Asynchronous messaging

VideoPal: Exploring Asynchronous€¦ · VideoPal: Exploring Asynchronous Video-Messaging to Enable Cross-Cultural Friendships Honglu Du1, Kori Inkpen2, Konstantinos Chorianopoulos3,

Introduction to HTML5APIs spun off HTML5 •Web Workers API •Web Messaging APIs (cross-doc/ postmg + channel messaging) •WebSocket API + Protocol; & Server-Sent Events

Building Cross Platform Mobile (Smartphone) Apps With Ruby & Html – An Introduction To Rhodes V3

Avaya Aura® Messaging 6 - · PDF file– Avaya Aura® Messaging 6.1 – Modular Messaging 5.2 – Communication Manager (CM) Messaging 6.0

Smartphones, App-stores and HTML 5 - OWASP · HTML5 Security Analysis 51 • HTML 5 specification • Cross-origin messaging specification –XML Http Request levels 1 and 2 –Uniform

Providing an IM Cross-Platform Game Engine for Text ...€¦ · Providing an IM Cross-Platform Game Engine for Text-Messaging Games Victor T. Sarinho, Gabriel S. de Azevedo, Filipe

Messaging Patterns Proposal to change FpML Messaging

SECURE MESSAGING SECURE MESSAGING

Cisco Voice Messaging€¦ · messaging systems share a messaging backbone that spans all locations. Message delivery from the distributed messaging systems occurs via the messaging

Cross-Platform Mobile Apps with HTML, JavaScript, …gotocon.com/dl/qcon-london-2012/slides/Christophe...Cross-Platform Mobile Apps with HTML, JavaScript, and PhoneGap Christophe Coenraets

esp. HTML injection and XSS (Cross Site Scripting)

WEB402 Cross-Platform Interoperability Yasser Shohoud Program Manager XML Messaging Team Microsoft Corporation

RoadMap Platform for Infrastructural Services · 1999. 11. 16. · • Provides instant messaging service via Web, 1/2-way pagers, PDAs, etc. – Automatic Java Interface to HTML

Introduction to HTML. Topics HTML –What is HTML –Parts of an HTML Document –HTML Tags

Better Voice & Messaging - Better Voice & Text Messaging

Integrating sms into your cross channel messaging strategy

SMARTPHONE CROSS-PLATFORM FRAMEWORKS · SMARTPHONE CROSS-PLATFORM FRAMEWORKS – A CASE STUDY Degree Programme Media Engineering Tutor(s) MANNINEN, Pasi Assigned by ... HTML, CSS

- unitn.itlatemar.science.unitn.it/segue_userFiles/...100929082241-phpapp01.pdf · WebSQL Storage Offline Applications Draggable Cross-Domain Messaging Web Sockets

M3 Cross Marketing.The Power of Messaging Media and Marketing

Web Services Reliable Messaging (WS-Reliable Messaging)