Re: [w3c/browser-payment-api] Security hole in payment API when a constructor from a no longer active document is invoked (#361) from Simon Pieters on 2016-12-15 (public-webpayments-specs@w3.org from December 2016)

From: Simon Pieters <notifications@github.com>
Date: Thu, 15 Dec 2016 06:15:19 -0800
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/361/267337263@github.com>

Active document check:
https://github.com/whatwg/html/pull/2160

Always invoking "allowed to use":
https://github.com/w3c/browser-payment-api/pull/383

Tests:
https://github.com/w3c/web-platform-tests/pull/4309

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/361#issuecomment-267337263

Received on Thursday, 15 December 2016 14:16:11 UTC