W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2011

[Bug 13229] New: The following text from the "Security considerations" part of "11 IANA considerations" is wrong: "An event stream from an origin distinct from the origin of the content consuming the event stream can result in information leakage. To avoid this, user agen

From: <bugzilla@jessica.w3.org>
Date: Wed, 13 Jul 2011 00:09:45 +0000
To: public-webapps@w3.org
Message-ID: <bug-13229-2927@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13229

           Summary: The following text from the "Security considerations"
                    part of "11 IANA considerations" is wrong: "An event
                    stream from an origin distinct from the origin of the
                    content consuming the event stream can result in
                    information leakage. To avoid this, user agen
           Product: WebAppsWG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#top
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Server-Sent Events (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: member-webapi-cvs@w3.org
                CC: mike@w3.org, public-webapps@w3.org


Specification: http://dev.w3.org/html5/eventsource/
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
The following text from the "Security considerations" part of "11 IANA
considerations" is wrong:

"An event stream from an origin distinct from the origin of the content
consuming the event stream can result in information leakage. To avoid this,
user agents are required to block all cross-origin loads."

Posted from: 2620:101:8003:200:226:bbff:fe05:3fe1
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a1)
Gecko/20110707 Firefox/8.0a1 Firefox/8.0a1

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Wednesday, 13 July 2011 00:09:47 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:46 GMT