Re: Interaction with Workers (was Re: setTimeout error handling) from gaz Heyes on 2011-03-29 (public-web-security@w3.org from March 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 29 Mar 2011 09:33:22 +0100
To: Adam Barth <w3c@adambarth.com>
Cc: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
Message-ID: <BANLkTi=e_uSPBrMruUMCsrcbFfS_37-JfQ@mail.gmail.com>

On 29 March 2011 01:05, Adam Barth <w3c@adambarth.com> wrote:

> How do these requirements interact with workers?  For example, workers
> have setTimeout and setInterval as well.  Also, there's an
> importScripts API in WorkerContext.  Should that be restricted by
> script-src?
>

ImportScripts sends cookies too, it would be useful to prevent that which
would then enable workers to execute user supplied JavaScript.

Received on Tuesday, 29 March 2011 08:33:55 UTC