We conduct an analysis of access control mechanisms in the browser and note that support for mashups and defences against cross-site scripting attacks are both moving from ad-hoc measures towards solutions where the browser enforces access control policies obtained from a host (CORS and CSP respectively). We also point out the degree of trust these solutions have to take for granted.