Connect with us

Hi, what are you looking for?


W3C Prepares Guidance For Web Development In A Post-Spectre World – Phoronix




An editor’s draft for post-Spectre web development guidance was made available by the W3C.

The W3C is preparing guidelines for web developers in better ensuring their code is safe from potential exploit by Spectre security vulnerabilities. Spectre has been public since January 2018 and concerns have been known around JIT’ed JavaScript. Made public recently though was the first “fully weaponized” exploit for Spectre beyond the early proof-of-concept code.

The editor’s draft of “Post-Spectre Web Development” outlines recommendations for handling of requests, restricting any attackers’ ability to load data as a document or sub-resource, preventing MIME-type confusion attacks, and restricting any attackers’ ability to handle the window.

Post-Spectre, we need to adopt some new strategies for safe and secure web development. This document outlines a threat model we can share, and a set of mitigation recommendations.

TL;DR: Your data must not unexpectedly enter an attacker’s process.

The current draft can be found at



Click to comment

Leave a Reply

Alamat email Anda tidak akan dipublikasikan.

Artikel Lainnya