
[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check

From: <bugzilla@jessica.w3.org>
Date: Thu, 13 Jun 2013 04:56:23 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-Cf4yO78YhD@http.www.w3.org/Bugs/Public/>

--- Comment #1 from Boris Zbarsky <bzbarsky@mit.edu> ---
The way we plan to implement this in Gecko, conceptually, is that we always
check that the thisobj is same-origin with us except for a whitelist of
properties and methods that we plan to annotate as not needing such a check in
the IDL.

This does happen precisely during the step you cite, when we're checking that
the thisobj is of the right type.

Received on Thursday, 13 June 2013 04:56:24 UTC
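
A small JavaScript model of the check described in the comment above, added here as an illustration; it is not Gecko's code and not part of the original message. `FakeWindow`, `secret`, `publicFlag`, `bind`, `callGetterOn` and the string origins are hypothetical names constructed for the example, and the "caller" is modelled as a plain variable.

```javascript
// Model only: origins are plain strings and "the caller" is a variable,
// not a real browser security context. All names here are hypothetical.
let callerOrigin = "https://a.example"; // constructed sample origin
const brand = new WeakMap(); // object -> { iface, origin, secret }
class SecurityError extends Error {}

// Wrap a getter/method so the this-object is validated before the real code runs.
function bind(iface, name, impl, { crossOriginOk = false } = {}) {
  return function (...args) {
    const info = brand.get(this);
    // Type check: the this-object must implement the interface.
    if (!info || info.iface !== iface) {
      throw new TypeError(`${iface}.${name}: wrong this-object`);
    }
    // Same step: require same-origin unless the member is annotated as exempt.
    if (!crossOriginOk && info.origin !== callerOrigin) {
      throw new SecurityError(`${iface}.${name}: cross-origin this-object`);
    }
    return impl.apply(this, args);
  };
}

const FakeWindowProto = {};
Object.defineProperty(FakeWindowProto, "secret", {
  get: bind("FakeWindow", "secret", function () { return brand.get(this).secret; }),
});
Object.defineProperty(FakeWindowProto, "publicFlag", {
  get: bind("FakeWindow", "publicFlag", () => true, { crossOriginOk: true }),
});

function makeWindow(origin, secret) {
  const w = Object.create(FakeWindowProto);
  brand.set(w, { iface: "FakeWindow", origin, secret });
  return w;
}

// Take the getter from the prototype's property descriptor and apply it to
// an arbitrary object, which is the invocation pattern the bug title describes.
function callGetterOn(target, name) {
  const desc = Object.getOwnPropertyDescriptor(FakeWindowProto, name);
  try { return desc.get.call(target); } catch (e) { return e.constructor.name; }
}

const mine = makeWindow("https://a.example", "mine");
const theirs = makeWindow("https://b.example", "theirs");
console.log(callGetterOn(mine, "secret"), callGetterOn(theirs, "secret"),
            callGetterOn(theirs, "publicFlag"), callGetterOn({}, "publicFlag"));
```

The exempt member still fails the type check on an object of the wrong kind; the annotation only skips the origin comparison.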
