CDR: Security exceptions and events

Section 2.1.2

"Accessing the parent document through the DOM can be disabled for
security reasons. In such cases user agents should throw a
SecurityException as defined in section 2.1.4."

Section 2.1.3

"Accessing the child document through the DOM can be disabled for
security reasons. In such cases user agents should throw a
SecurityException as defined in section 2.1.4."

Section 2.1.4 SecurityException

- I strongly recommend against security exceptions. The
generally accepted best security practices are silent failure when an
attempted intrusion is detected. Otherwise the attacker may gain
useful information. Therefore it would be best to just return nil in
cases where access is disabled for security reasons, and to remove
the exception. This also matches de facto behavior of similar
features in existing UAs (window.frameElement for instance, which
just returns nil rather than throwing an exception).


Section 2.2.2

"When a document breaks through the user agent security policy, user
agents are encouraged to dispatch a security event in the
http://www.w3.org/2005/10/cdf namespace on the document object."

- Surely this should say "attempts to break through the user agent  
security policy".

- Which document object? The parent? The child? The document  
attempting to violate policy? The document that is the target of the  
attempted violation? Please clarify this in the specification.

- Security events are a bad idea for the same reason as security  
exceptions. I recommend removing them from the spec.

Received on Monday, 2 January 2006 09:36:24 UTC
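The following is an added illustration of the argument made in the message above about section 2.1.4; it is not code from the message, from the CDR draft, or from any user agent. It is a toy model, runnable under Node, of a user agent's "parent document" accessor in the two signalling styles discussed: throwing a SecurityException when access is disabled, versus returning null as window.frameElement does. The documents, origins, same-origin policy and the probe function are all constructed for the example; the function names (parentDocumentThrowing, parentDocumentSilent, probe, compare) are hypothetical and not part of any specification.

```javascript
// Toy model of a user agent's parent-document accessor (added example,
// not from the CDR draft or any browser). Documents, origins and the
// policy below are constructed for illustration.

class SecurityException extends Error {
  constructor(message) {
    super(message);
    this.name = "SecurityException";
  }
}

// A document is just an origin plus an optional parent document.
function makeDocument(origin, parent = null) {
  return { origin, parent };
}

// Constructed policy: parent access is allowed only within one origin.
function parentAccessAllowed(child) {
  return child.parent !== null && child.parent.origin === child.origin;
}

// Style 1 (as in the draft's section 2.1.2): throw when access is disabled.
function parentDocumentThrowing(child) {
  if (child.parent === null) return null; // top-level: nothing to return
  if (!parentAccessAllowed(child)) {
    throw new SecurityException("parent access disabled by policy");
  }
  return child.parent;
}

// Style 2 (as recommended in the message): return null both when there is
// no parent and when access is disabled, so the two cases look alike.
function parentDocumentSilent(child) {
  if (!parentAccessAllowed(child)) return null;
  return child.parent;
}

// What a hostile child document can learn by calling the accessor.
// Returns one of: "same-origin-parent", "foreign-parent",
// "null" (no parent or access denied; indistinguishable).
function probe(accessor, child) {
  try {
    const parent = accessor(child);
    return parent === null ? "null" : "same-origin-parent";
  } catch (e) {
    if (e instanceof SecurityException) return "foreign-parent";
    throw e; // anything else is a bug in the model, not a policy outcome
  }
}

// Run the probe from a foreign-origin child and from a top-level document
// under both styles, and report what each style lets the caller learn.
function compare() {
  const top = makeDocument("https://a.example");
  const sameOriginChild = makeDocument("https://a.example", top);
  const foreignChild = makeDocument("https://evil.example", top);
  return {
    throwing: {
      sameOrigin: probe(parentDocumentThrowing, sameOriginChild),
      foreign: probe(parentDocumentThrowing, foreignChild),
      topLevel: probe(parentDocumentThrowing, top),
    },
    silent: {
      sameOrigin: probe(parentDocumentSilent, sameOriginChild),
      foreign: probe(parentDocumentSilent, foreignChild),
      topLevel: probe(parentDocumentSilent, top),
    },
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

With the throwing style the foreign child gets a distinct answer ("foreign-parent") from a top-level document ("null"), so the exception itself tells it that a cross-origin document is framing it. With the silent style both cases collapse to null, which is the point the message makes: the accessor discloses nothing beyond what an allowed, same-origin access would.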