- From: Maciej Stachowiak <mjs@apple.com>
- Date: Mon, 2 Jan 2006 01:36:09 -0800
- To: public-cdf@w3.org
Section 2.1.2

"Accessing the parent document through the DOM can be disabled for security reasons. In such cases user agents should throw a SecurityException as defined in section 2.1.4."

Section 2.1.3

"Accessing the child document through the DOM can be disabled for security reasons. In such cases user agents should throw a SecurityException as defined in section 2.1.4."

Section 2.1.4 SecurityException

- I strongly recommend against security exceptions. The generally accepted best security practices are silent failure when an attempted intrusion is detected. Otherwise the attacker may gain useful information. Therefore it would be best to just return nil in cases where access is disabled for security reasons, and to remove the exception. This also matches de facto behavior of similar features in existing UAs (window.frameElement for instance, which just returns nil rather than throwing an exception).

Section 2.2.2

"When a document breaks through the user agent security policy, user agents are encouraged to dispatch a security event in the http://www.w3.org/2005/10/cdf namespace on the document object."

- Surely this should say "attempts to break through the user agent security policy".
- Which document object? The parent? The child? The document attempting to violate policy? The document that is the target of the attempted violation? Please clarify this in the specification.
- Security events are a bad idea for the same reason as security exceptions. I recommend removing them from the spec.

Received on Monday, 2 January 2006 09:36:24 UTC