
[Bug 11323] New: Don't run scripts when the owner doc isn't the inserter parser's doc or when the owner doc is not the same at "run" and "execute" time

From: <bugzilla@jessica.w3.org>
Date: Tue, 16 Nov 2010 09:55:56 +0000
To: public-html@w3.org
Message-ID: <bug-11323-2495@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11323

           Summary: Don't run scripts when the owner doc isn't the
                    inserter parser's doc or when the owner doc is not the
                    same at "run" and "execute" time
           Product: HTML WG
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: hsivonen@iki.fi
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Context: https://bugzilla.mozilla.org/show_bug.cgi?id=592366

As a defense-in-depth measure, please make scripts not executable (with their
"already started" flag set!) if:
 1) For a parser-inserted script, at the time of the "run" algorithm the owner
document of the script is not the document whose active parser is triggering
the "run" algorithm.
 2) The owner doc of the script at the time of "execution" is not the same
as at the time the "run" algorithm was invoked.

Received on Tuesday, 16 November 2010 09:55:58 UTC
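
A minimal model of the two checks requested in the report, added here as an illustration; it is not code from the HTML spec, from any browser, or from the bug reporter. Doc, Parser, ScriptEl, run and execute are hypothetical stand-ins for the spec's concepts, and the three scenarios are constructed.

```javascript
// Simplified model of the two requested checks. Doc, Parser, ScriptEl, run and
// execute are hypothetical stand-ins for spec concepts, not DOM or browser APIs.
class Doc { constructor(name) { this.name = name; } }
class Parser { constructor(doc) { this.doc = doc; } }
class ScriptEl {
  constructor(ownerDoc, body) {
    this.ownerDoc = ownerDoc;     // current owner document
    this.body = body;             // function standing in for the script text
    this.alreadyStarted = false;  // the "already started" flag
    this.ownerAtRun = null;       // owner document recorded when "run" succeeded
  }
}

// Check 1: at "run" time the owner document must be the document of the parser
// triggering the algorithm. The flag is set even on refusal, so the script
// cannot be started by a later "run".
function run(script, parser) {
  if (script.alreadyStarted) return 'skipped: already started';
  script.alreadyStarted = true;
  if (script.ownerDoc !== parser.doc) return 'refused at run: foreign owner doc';
  script.ownerAtRun = script.ownerDoc;
  return 'pending';
}

// Check 2: at "execute" time the owner document must be unchanged since "run".
function execute(script) {
  if (script.ownerAtRun === null) return 'refused at execute: did not pass run';
  if (script.ownerDoc !== script.ownerAtRun) return 'refused at execute: owner doc changed';
  script.body();
  return 'executed';
}

// Constructed scenarios: normal, moved before "run", moved before "execute".
function demo() {
  const a = new Doc('A'), b = new Doc('B');
  const pA = new Parser(a), pB = new Parser(b);
  const ran = [];
  const s1 = new ScriptEl(a, () => ran.push('s1'));
  const normal = [run(s1, pA), execute(s1)];
  const s2 = new ScriptEl(b, () => ran.push('s2'));   // already owned by B
  const movedBeforeRun = [run(s2, pA), run(s2, pB), execute(s2)];
  const s3 = new ScriptEl(a, () => ran.push('s3'));
  const first = run(s3, pA);
  s3.ownerDoc = b;                                     // moved after "run"
  const movedBeforeExecute = [first, execute(s3)];
  return { normal, movedBeforeRun, movedBeforeExecute, ran };
}
console.log(demo());
```

Only the first script's body runs; the second shows why the flag is set on refusal, since the parser of its new owner document cannot start it afterwards.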
