W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [D3E] Possible Changes to Mutation Events

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 17 Jul 2008 15:20:42 -0700
Cc: Kartikaya Gupta <lists.webapps@stakface.com>, Boris Zbarsky <bzbarsky@MIT.EDU>, public-webapps <public-webapps@w3.org>
Message-Id: <DF11925C-5AF3-46D6-8FF1-B4C0504BDC2E@apple.com>
To: Jonas Sicking <jonas@sicking.cc>


On Jul 17, 2008, at 2:50 PM, Jonas Sicking wrote:

>
> Kartikaya Gupta wrote:
>> On Thu, 17 Jul 2008 11:48:52 -0400, Boris Zbarsky  
>> <bzbarsky@MIT.EDU> wrote:
>>>> There are countless other
>>>> implementations of MutationEvents out in the world
>>>> (http://google.com/codesearch?hl=en&lr=&q=DOMNodeRemoved+-mozilla+-webcore&sbtn=Search 
>>>> ).
>>>> They exist in more languages and are used in more contexts than I
>>>> care to enumerate
>>> That's fine.  How many of those contexts have to assume that all DOM
>>> access is malicious?
>> More than zero, I think. There's at least one gtk implementation  
>> that (at a quick glance) would have to deal with potentially  
>> malicious users.
>
> And how well is gtk dealing with this? Has anyone done any extensive  
> testing, such as fuzzing, to try to do evil things inside these  
> mutation listeners?

Just from code inspection it looks like it will do the wrong thing,  
there is no attempt to revalidate after firing the remove mutation  
event. Note that in the case of libgdome the callers of DOM APIs and  
receivers of mutation events will be native applications, so they are  
probably not considered untrusted in the same way as Web content.

Regards,
Maciej
Received on Thursday, 17 July 2008 22:21:23 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT