W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2013

[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check

From: <bugzilla@jessica.w3.org>
Date: Fri, 02 Aug 2013 01:12:08 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-9ACgUfocjj@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

Cameron McCormack <cam@mcc.id.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Cameron McCormack <cam@mcc.id.au> ---
OK, I've added a term "perform a security check" that takes as input the
platform object you're using, and the ECMAScript global environment associated
with the Function object that you're calling (be it for an operation, attribute
getter/setter, etc.).  Let me know if you need something different.

I didn't add a "secure object" term; I figure you can do that check yourself in
your "perform a security check" definition.

http://dev.w3.org/cvsweb/2006/webapi/WebIDL/Overview.xml.diff?r1=1.650;r2=1.651;f=h
http://dev.w3.org/cvsweb/2006/webapi/WebIDL/v1.xml.diff?r1=1.90;r2=1.91;f=h

http://dev.w3.org/2006/webapi/WebIDL/#es-security
http://dev.w3.org/2006/webapi/WebIDL/#dfn-perform-a-security-check
http://dev.w3.org/2006/webapi/WebIDL/#dfn-attribute-getter etc.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Friday, 2 August 2013 01:12:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:37:50 UTC