- From: Kevin E Kelly <kekelly@us.ibm.com>
- Date: Wed, 8 Mar 2006 08:41:39 -0500
- To: Maciej Stachowiak <mjs@apple.com>, public-cdf@w3.org
- Message-ID: <OF1E024C68.6948BF12-ON8525712B.004A57B9-8525712B.004AF326@us.ibm.com>
Maciej,

Please find the responses below marked with [KEK]. Both comments were accepted and implemented. Please let us know, within 2 weeks, if this change does not address your comments.

Kevin
On behalf of the CDF WG

Action 348: Respond to comments 7+8
http://www.w3.org/2004/CDF/Group/track/actions/348

Message 7
http://lists.w3.org/Archives/Public/public-cdf/2006Jan/0007.html

Maciej Stachowiak <mjs@apple.com>
Sent by: public-cdf-request@w3.org
01/02/2006 04:36 AM
To: public-cdf@w3.org
cc:
Subject: CDR: Security exceptions and events

Section 2.1.2

"Accessing the parent document through the DOM can be disabled for security reasons. In such cases user agents should throw a SecurityException as defined in section 2.1.4."

Section 2.1.3

"Accessing the child document through the DOM can be disabled for security reasons. In such cases user agents should throw a SecurityException as defined in section 2.1.4."

Section 2.1.4 SecurityException

- I strongly recommend against security exceptions. The generally accepted best security practices are silent failure when an attempted intrusion is detected. Otherwise the attacker may gain useful information. Therefore it would be best to just return nil in cases where access is disabled for security reasons, and to remove the exception. This also matches de facto behavior of similar features in existing UAs (window.frameElement for instance, which just returns nil rather than throwing an exception).

[KEK] Section 2.1.2, 2.1.3, 2.1.4 have been removed in favor of existing mechanisms only for event propagation in compound documents by reference.

Section 2.2.2

"When a document breaks through the user agent security policy, user agents are encouraged to dispatch a security event in the http://www.w3.org/2005/10/cdf namespace on the document object."

- Surely this should say "attempts to break through the user agent security policy".

- Which document object? The parent? The child? The document attempting to violate policy? The document that is the target of the attempted violation? Please clarify this in the specification.

- Security events are a bad idea for the same reason as security exceptions. I recommend removing them from the spec.

[KEK] Section 2.2 has been removed.
Received on Wednesday, 8 March 2006 13:38:46 UTC