Hey! I'm the person who made this — I don't believe there's an actual problem here, since login cookies are set on the top-level domain (and thus are inaccessible to content on subdomains), and are HTTPOnly as well.
I do notice that Stripe sets a tracking cookie (which only happens for people who pay for the service, since I don't load the Stripe JS elsewhere), so you could track pageviews with that or something. That's unfortunate — I'll probably try to move the stripe stuff to a subdomain to avoid it — but I don't see it as a big problem.
The HTTP security model is pretty awful, so there may be something I'm missing, but I did think quite carefully about this, and allowing people to use arbitrary HTML and JS was an intentional choice.
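The cookie-scoping argument in the comment above (a login cookie set on the service's own domain without a Domain attribute is not sent to subdomains, and HttpOnly keeps it out of document.cookie) can be checked against the RFC 6265 rules. The following is an added illustration, not code from the commenter's service; the hostnames and cookie names are constructed examples.

```python
"""Model of RFC 6265 cookie scoping: which stored cookies a user agent
attaches to a request, and which of those page script could read.
Added illustration; hostnames and cookie names are constructed."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str        # effective domain the cookie was stored under
    host_only: bool    # True when Set-Cookie carried no Domain attribute
    http_only: bool = False
    secure: bool = False


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching (case-insensitive):
    exact match, or request_host is a subdomain of cookie_domain."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().rstrip(".")
    if request_host == cookie_domain:
        return True
    return request_host.endswith("." + cookie_domain)


def store_cookie(request_host: str, name: str, domain_attr: Optional[str],
                 http_only: bool = False, secure: bool = False) -> Cookie:
    """Model the user agent storing a Set-Cookie received from request_host.
    No Domain attribute -> host-only cookie. With a Domain attribute, the
    attribute must cover the request host or the cookie is rejected."""
    if domain_attr is None:
        return Cookie(name, request_host.lower(), True, http_only, secure)
    domain_attr = domain_attr.lower().lstrip(".")
    if not domain_matches(request_host, domain_attr):
        raise ValueError(f"{request_host} may not set a cookie for {domain_attr}")
    return Cookie(name, domain_attr, False, http_only, secure)


def sent_to(cookie: Cookie, request_host: str, https: bool = True) -> bool:
    """Would the user agent attach this cookie to a request to request_host?
    (RFC 6265 section 5.4; path matching omitted, all cookies assumed '/'.)"""
    if cookie.secure and not https:
        return False
    if cookie.host_only:
        return request_host.lower() == cookie.domain
    return domain_matches(request_host, cookie.domain)


def readable_by_script_on(cookie: Cookie, request_host: str) -> bool:
    """document.cookie on a page served from request_host exposes the cookie
    only if it would be sent there AND it is not HttpOnly."""
    return sent_to(cookie, request_host) and not cookie.http_only


def demo() -> dict:
    # Constructed scenario: the service at example.com sets its login cookie
    # with no Domain attribute (host-only) plus HttpOnly and Secure; a
    # user-authored page with arbitrary JS is served from user1.example.com.
    session = store_cookie("example.com", "session", None,
                           http_only=True, secure=True)
    # Contrast: a cookie set with Domain=example.com is shared with every
    # subdomain and, lacking HttpOnly, is visible to script there.
    tracker = store_cookie("example.com", "tracker", "example.com")
    return {
        "session_sent_to_subdomain": sent_to(session, "user1.example.com"),
        "session_script_readable_on_apex": readable_by_script_on(session, "example.com"),
        "tracker_sent_to_subdomain": sent_to(tracker, "user1.example.com"),
        "tracker_script_readable_on_subdomain": readable_by_script_on(tracker, "user1.example.com"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `tracker` case is the situation to watch for when a third-party script runs on the apex domain: a cookie it sets with an explicit Domain attribute covers every user subdomain, whereas the host-only session cookie does not cross that boundary at all.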
Just a heads up,
a sister comment already pointed out the biggest "danger", but not what that means for your webapp:
Google will penalize your domain strongly as soon as anyone uses your service for malicious content.
You might even get blocked entirely if you are particularly unlucky.
That's also the reason why GitHub Pages is hosted under github.io instead of github.com, for example.
I don't actually see a problem. It goes against my gut reaction, but given that the pages that are published are entirely isolated, there is no more of a threat than someone publishing whatever they want on another web host. There is no user information to hijack, no cookies, no login buttons, no local storage, no auth etc.
Yes, the pages can publish illegal information, be set up as phishing hubs, but none of that is as a result of JS being executable. Web hosts all have exactly the same risks to deal with, their users can also host anything they wish.
The owner's challenge is with the content they are opening up to hosting, and it will become an overhead to police that. If they decide to add buttons like "report content" then those will be able to be hijacked by the publisher and become useless.
Google will flag the entire domain in Safe Browsing. Unless you are a big company with a legal team, getting off the Safe Browsing flag list is a days or weeks long nightmare.
My point is, the service simply hosts HTML, ostensibly this is the same as any consumer web host. So whatever attack vector you can think of exists on Dreamhost or Godaddy pages, for instance.
I understand, but you can't have it both ways: You can either build a minimal Twitter clone that limits user-submitted content and not worry too much about security/abuse, or you can build a web host. The latter entails a comparatively enormous amount of responsibility you don't seem keen to take on.
I have worked for companies that offered commercial web host services and it is a massive security undertaking. I'm still not 100% convinced it's possible to offer a profitable, truly secure web host without compromising on feature set.
Just FYI - in many interviews, you can just say "Sorry, I'm having a panic attack. Could we do this tomorrow?". One of my friends had a panic attack during her Google interview, left, came back the next day, and got the job.
So, YMMV, but people are often able to be accommodating for things like this :)
The original pens are, AFAICT, somewhat hard to come by, but we modded the pen carousel and have a 3D-printed holder to put more modern pens in. With this mod, the TCO doesn't seem too high, although I didn't initially purchase/set it up, and I haven't had to do serious maintenance yet.
Whenever people talk about new TLDs, I always think mostly about names like google.con or googl.ecom. Yeah, yeah, it's cool that you can get some awesome TLD, but I don't see the point. What's wrong with .com/org/net?
I would invert the question. What's wrong with more options?
The thing that really strikes me every time the new TLD subject comes up, is that there's always a percentage of people who want to forbid creation of certain TLDs for unpredictable, idiosyncratic reasons.
"What's wrong with more options?"
Linux distro/desktop/display protocol forks come to mind...
This feels (IMHO) like more noise coming on the line for registrar profit goodness, marginal benefit to registrants & a flood of bad choices (one-offs/deliberate mimics/etc) for the rest of the unwary netizens.
Automatic spam filters and search engines are going to down rank them heavily. It's hard to automatically evaluate domain names such as xkcd but anything under .ecom is probably trash.
Anybody could have any number of reasons for wanting a particular domain. Maybe someone will make the next del.icio.us? Maybe a TLD you don't like completes a word or phrase that makes a good brand, or is part of the next big viral trend that goes on to shape our culture in ways we wouldn't have anticipated.
Maybe people are just okay with being penalized by search engines because that's counterbalanced by other objectives. etc.
I was not suggesting that we should ban those domain names. However, using one is probably a bad idea, which makes adding them a waste of time. In the end they're being added because companies know they can sell those domain names, not because they're useful.
A more useful option IMO is to have things default to .com if someone does not enter a domain name like how you can avoid country codes or area codes when dialing long distance.
However, by adding a huge list of TLDs you're removing that option. Even worse, while .edu means something, WTF does .cow or .zzl mean? At best there is simply going to be another .com land grab, except now seeing yourbank.bank or yourbank.bnk does not mean it's actually yourbank.
As if to prove my point, you're using really random, idiosyncratic reasons to prevent creation of TLDs, and neglecting to consider that they might have any number of values we are yet to anticipate.
They don't need a reason to be added, other than offering more choice and more possibilities. You can not like them all you want, that doesn't mean they won't have value or that people shouldn't be free to explore the possibilities as they please.
Let's hope not. I could never remember where that first dot went and usually took at least a couple of goes to find the site. Thankfully they can now be found at the less 'look how clever we've been', but infinitely easier to remember delicious.com
It launched a catchy brand that was for a time the most dominant social bookmarking site on the internet. I don't think they would have chosen to do anything differently with respect to their original domain name.
Currently, the "loophole" in 2FA is that almost no one enables it. Although it's great that Google offers it, it doesn't help when >95% (Just a guess off the top of my head, but seems reasonable) of people don't enable it.
I only know one person who uses 2FA, besides myself, yet almost everyone that I know uses GMail.
The HTML is loading very slowly - it took 30 seconds in one attempt. And the images aren't working at all.
Oh, you're hosting it from your home DSL line? Bandwidth is the problem. Maybe you should save everything into a Dropbox public folder and link it here.
Is there a particular threat model you see here?