Misconception: Widgets lack an origin

As well as being able to use a classic “http://domain.com” style origin, widgets can also use a custom scheme called the Widget URI scheme that typically looks like this:

widget://c1[…UUID…]a66/index.html

The widget URI scheme works like a “fake” HTTP server: …

Misconception: Widgets lack a security model

Another ungrounded misconception is that widgets lack a security model. Widgets, like most things “Web”, rely on the same-origin security model defined in HTML5. However, because the HTML same-origin policy is quite liberal and prone to cross-site scripting attacks, the …

Misconception: XML Digital Signatures is too hard to implement

Another misconception that has been around for a while is that XML Digital Signatures and XML Canonicalization are notoriously difficult to implement correctly. This misconception seems to stem from issues that emerged in Java prior to version 1.4.1, which, …