
[Bug 28778] New: Should probably perform security checks on arguments too, not just this values

From: <bugzilla@jessica.w3.org>
Date: Mon, 08 Jun 2015 02:11:04 +0000
To: public-script-coord@w3.org
Message-ID: <bug-28778-3890@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=28778

            Bug ID: 28778
           Summary: Should probably perform security checks on arguments
                    too, not just this values
           Product: WebAppsWG
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: WebIDL
          Assignee: cam@mcc.id.au
          Reporter: bzbarsky@mit.edu
        QA Contact: public-webapps-bugzilla@w3.org
                CC: mike@w3.org, public-script-coord@w3.org

Otherwise any API that takes a Window or EventTarget argument and operates on
it without a security check is a security hole.  It's simpler to just do the
security check in the IDL layer, imo.

Received on Monday, 8 June 2015 02:11:12 UTC
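
The gap described in the message above, as an added example that is not part of the original mail, the WebIDL specification or any browser's code: a toy binding layer in which checking only the this value lets an unchecked operation act on a cross-origin argument, while checking platform-object arguments as well rejects the call before the operation runs. All names (platformObject, securityCheck, bindOperation, readName), the origin tags and the use of a plain same-origin comparison as the security check are assumptions made for illustration.

```javascript
// Toy model, not WebIDL spec text or browser code: every name here is hypothetical.
// A "platform object" is a plain object tagged with the origin of its realm.
class SecurityError extends Error {}

const platformObject = (origin, data) => ({ __origin: origin, ...data });
const isPlatformObject = (v) => v !== null && typeof v === "object" && "__origin" in v;

// Assumption: the security check is modelled as a same-origin comparison.
function securityCheck(callerOrigin, obj, role) {
  if (obj.__origin !== callerOrigin) {
    throw new SecurityError(`${role} belongs to ${obj.__origin}, caller is ${callerOrigin}`);
  }
}

// Binding-layer wrapper. checkArgs=false models checking only the this value;
// checkArgs=true models the bug's proposal: also check platform-object arguments.
function bindOperation(impl, { checkArgs }) {
  return function (callerOrigin, thisValue, ...args) {
    securityCheck(callerOrigin, thisValue, "this value");
    if (checkArgs) {
      args.forEach((a, i) => {
        if (isPlatformObject(a)) securityCheck(callerOrigin, a, `argument ${i}`);
      });
    }
    return impl.call(thisValue, ...args);
  };
}

// Hypothetical operation that operates on its argument and has no check of its own.
function readName(target) { return target.name; }

// Constructed sample objects.
const ownWindow = platformObject("https://a.example", { name: "own" });
const otherWindow = platformObject("https://b.example", { name: "secret" });

function attempt(op, target) {
  try { return op("https://a.example", ownWindow, target); }
  catch (e) { if (e instanceof SecurityError) return "SecurityError"; throw e; }
}

const thisOnly = bindOperation(readName, { checkArgs: false });
const thisAndArgs = bindOperation(readName, { checkArgs: true });

console.log(attempt(thisOnly, otherWindow));    // cross-origin data reaches the caller
console.log(attempt(thisAndArgs, otherWindow)); // rejected before readName runs
console.log(attempt(thisAndArgs, ownWindow));   // same-origin argument still works
```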
