W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: defineProperty is a blacklist

From: gaz Heyes <gazheyes@gmail.com>
Date: Mon, 14 Feb 2011 07:44:16 +0000
Message-ID: <AANLkTi=J9b=WzX+R5HkLorSSNH3H0m-D-pT-O0m9-cYV@mail.gmail.com>
To: "sird@rckc.at" <sird@rckc.at>
Cc: public-web-security@w3.org
On 13 February 2011 21:55, sird@rckc.at <sird@rckc.at> wrote:

> What about JS Workers?

Last time I checked webworkers they didn't seem to allow the removal of all
properties from a worker, in addition it was possible to create requests
that included cookies from the site.This is a perfect example of the need
for a whitelist.


> I know they are async, but may work? What's the use case you are trying to
> solve?

I simply want to freeze or disable properties of a object that are unknown
and do not match a whitelist. Most useful in a sandbox situation.
Received on Monday, 14 February 2011 07:44:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:18 UTC