W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2013

[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check

From: <bugzilla@jessica.w3.org>
Date: Wed, 14 Aug 2013 22:10:31 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-LtUZInCRTt@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

Cameron McCormack <cam@mcc.id.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cam@mcc.id.au

--- Comment #11 from Cameron McCormack <cam@mcc.id.au> ---
(In reply to comment #10)
> What am I supposed to return? Or am I just supposed to throw if it fails,
> and do nothing if it passes? It doesn't look like you check the return value
> or handle exceptions (e.g. by aborting the calling algorithm) from this, but
> maybe I'm missing some general rule for interpreting WebIDL algorithms.

I documented my expectations of what you would do in the "perform a security
check" algorithm here:

  http://dev.w3.org/2006/webapi/WebIDL/#dfn-perform-a-security-check

:)

So yes, throw an exception (SecurityError I suppose?) or return normally.  Web
IDL algorithms propagate exceptions unless explicitly caught.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 14 August 2013 22:10:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:37:50 UTC