Abstract | ||
---|---|---|
Social networks have begun supporting external content integration with platforms like OpenSocial and the Facebook API. These platforms let users install third-party applications and are a popular example of a mashup. Content integration is often accomplished by proxying the third-party content or importing third-party scripts. However, these methods introduce serious risks of user impersonation and data exposure. Modern browsers provide no mechanism to differentiate between trusted and untrusted embedded content. As a result, content providers are forced to trust third-party scripts or ensure user safety by means of server-side code sanitization. We demonstrate the difficulties of server-side code filtering -- and the ramifications of its failure -- with an example from the Facebook Platform. We then propose browser modifications that would distinguish between trusted and untrusted content and enforce their separation. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1145/1435497.1435502 | SNS |
Keywords | Field | DocType |
popular example, facebook platform, facebook api, proxied content, third-party content, content provider, untrusted embedded content, untrusted content, external content integration, third-party script, content integration, trusted third party, mashups, social network, same origin policy | Same-origin policy, Mashup, Internet privacy, World Wide Web, Social network, Computer science, Scripting language | Conference |
Citations | PageRank | References |
14 | 1.35 | 7 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Adrienne Porter Felt | 1 | 2225 | 125.24 |
Pieter Hooimeijer | 2 | 598 | 26.19 |
David Evans | 3 | 1374 | 85.14 |
Westley Weimer | 4 | 3510 | 162.27 |