When you visit a website on the modern web, you’re not really just visiting one website. If you dive into the source code, you’ll see that a page more likely than not pulls libraries and scripts from all across the Internet. These chunks of code provide advanced features that users have come to expect from interactive websites.
But third-party code also poses a security risk. By integrating such code into their sites, web developers may unintentionally expose their site visitors to bugs or malicious backdoors. With the way the web works now, a script integrated into a website could compromise user privacy and access sensitive data on that site or even in other browser tabs. Web developers are caught between the competing aims of creating a website that supports strong privacy versus providing the flexibility and features that users desire.
Now researchers from University College London and Stanford have unveiled what they are calling a solution to this dilemma.
The system is called COWL–“Confinement With Origin Web Labels”–and is purported to safely allow building web applications with third-party code but without leaking sensitive data.