W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: Interaction with Workers (was Re: setTimeout error handling)

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 29 Mar 2011 09:33:22 +0100
Message-ID: <BANLkTi=e_uSPBrMruUMCsrcbFfS_37-JfQ@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
On 29 March 2011 01:05, Adam Barth <w3c@adambarth.com> wrote:

> How do these requirements interact with workers?  For example, workers
> have setTimeout and setInterval as well.  Also, there's an
> importScripts API in WorkerContext.  Should that be restricted by
> script-src?

ImportScripts sends cookies too, it would be useful to prevent that which
would then enable workers to execute user supplied JavaScript.
Received on Tuesday, 29 March 2011 08:33:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:18 UTC