W3C home > Mailing lists > Public > public-webcrypto@w3.org > February 2016

[Bug 29437] New: Parsing a JWK can have side-effects if not done very carefully

From: <bugzilla@jessica.w3.org>
Date: Mon, 08 Feb 2016 22:18:51 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-29437-7213@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29437

            Bug ID: 29437
           Summary: Parsing a JWK can have side-effects if not done very
                    carefully
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: bzbarsky@mit.edu
                CC: public-webcrypto@w3.org
  Target Milestone: ---

The algorithm in https://www.w3.org/TR/WebCryptoAPI/#concept-parse-a-jwk will,
if executed in the page global, generally run getters from Object.prototype for
any fields missing in the JSON during the IDL dictionary type conversion.  Is
this the intended behavior?  Or is the intent that this parsing happens in some
global other than the page global, where things like this won't be observable? 
Clearly defining this, either way, would be a good idea.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 8 February 2016 22:18:53 UTC

This archive was generated by hypermail 2.3.1 : Monday, 8 February 2016 22:18:53 UTC