Closed tiller-tolbus closed 2 months ago
the main goal of sky's security model is to ensure:
the main paths forward are:
methods:
~hanfel's idea for iframe security:
discussion stub: iframe sandboxing as it relates to css and js injection
Solved by #101.
How does Sky prevent nodes from falsifying their identity when making requests? What is our long-term strategy towards closing any loopholes in this?
Does Sky filter out all script tags and include enough built-in components for UI devs to get by? What is Sky's attitude towards using iframes for sandboxing?
Will Shrubbery eventually place all nodes at their own subdomains so that they can handle their own client-side authentication?