W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2013

[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check

From: <bugzilla@jessica.w3.org>
Date: Wed, 14 Aug 2013 20:48:15 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-CONEbjyB2x@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
          Component|WebIDL                      |HTML
         Resolution|FIXED                       |---
           Assignee|cam@mcc.id.au               |ian@hixie.ch
            Product|WebAppsWG                   |WHATWG
   Target Milestone|---                         |Unsorted
         QA Contact|public-webapps-bugzilla@w3. |contributor@whatwg.org
                   |org                         |

--- Comment #10 from Ian 'Hixie' Hickson <ian@hixie.ch> ---
Sounds good. I'm taking this back to do my side.

I guess I have to have a single "perform a security check" algorithm that then
defers to interface-specific algorithms if they exist, and is a noop otherwise.

What am I supposed to return? Or am I just supposed to throw if it fails, and
do nothing if it passes? It doesn't look like you check the return value or
handle exceptions (e.g. by aborting the calling algorithm) from this, but maybe
I'm missing some general rule for interpreting WebIDL algorithms.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 14 August 2013 20:48:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:37:50 UTC