W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2009

[Bug 8125] Can it be specified somewhere that script can define a variable named "top" with 'var top' in a global context? This is currently inconsistent across browsers.

From: <bugzilla@wiggum.w3.org>
Date: Thu, 29 Oct 2009 23:46:13 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1N3eh3-00029N-QV@wiggum.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=8125


Adam Barth <w3c@adambarth.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |w3c@adambarth.com




--- Comment #1 from Adam Barth <w3c@adambarth.com>  2009-10-29 23:46:13 ---
Letting script define a global variable named top is a security vulnerability. 
It's only inconsistent because I haven't gotten around to convincing everyone
of that fact yet.


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 29 October 2009 23:46:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 29 October 2009 23:46:44 GMT