- From: Cameron McCormack <cam@mcc.id.au>
- Date: Tue, 08 Jan 2013 10:20:20 +1100
- To: David Bruant <bruant.d@gmail.com>
- CC: Jonas Sicking <jonas@sicking.cc>, "public-script-coord@w3.org" <public-script-coord@w3.org>, whatwg <whatwg@lists.whatwg.org>, Boris Zbarsky <bzbarsky@MIT.EDU>
On 16/12/12 9:34 PM, David Bruant wrote: > WebIDL needs to embed in some way the notion of origin to enable > throwing for security reasons in the right places. > > One idea would be to add an [OriginAware] extended attribute: > * On operations (like in Boris case), an origin check would be performed > before calling the core of the operation Why would this need to be on specific operations and not just be enforced on every operation? Is it that we want to avoid the overhead of origin checking if we know that calling the operation does not leak information? Or it it that only a limited set of objects is exposed cross origin anyway, so we only need to check those? > * On attributes, both the getter and setter would throw if "this" is not > of the right origin. > * On interfaces, it would apply to everything (might be necessary for > Window and Document) For the actual wording of the check, we could either have a "security check" that is performed at the right time in #es-operations etc. and which HTML defines to do the origin checking, or we can make Web IDL aware of origins itself, and then HTML would define what origin different objects come from.
Received on Monday, 7 January 2013 23:20:09 UTC