[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check from bugzilla@jessica.w3.org on 2013-08-14 (public-script-coord@w3.org from July to September 2013)

From: <bugzilla@jessica.w3.org>
Date: Wed, 14 Aug 2013 20:48:15 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-CONEbjyB2x@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
          Component|WebIDL                      |HTML
         Resolution|FIXED                       |---
           Assignee|cam@mcc.id.au               |ian@hixie.ch
            Product|WebAppsWG                   |WHATWG
   Target Milestone|---                         |Unsorted
         QA Contact|public-webapps-bugzilla@w3. |contributor@whatwg.org
                   |org                         |

--- Comment #10 from Ian 'Hixie' Hickson <ian@hixie.ch> ---
Sounds good. I'm taking this back to do my side.

I guess I have to have a single "perform a security check" algorithm that then
defers to interface-specific algorithms if they exist, and is a noop otherwise.

What am I supposed to return? Or am I just supposed to throw if it fails, and
do nothing if it passes? It doesn't look like you check the return value or
handle exceptions (e.g. by aborting the calling algorithm) from this, but maybe
I'm missing some general rule for interpreting WebIDL algorithms.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Wednesday, 14 August 2013 20:48:16 UTC