W3C home > Mailing lists > Public > public-script-coord@w3.org > July to September 2013

[Bug 22346] Security: When invoking a method, getter, or setter on an object using the property descriptor of another, we need to do a security check

From: <bugzilla@jessica.w3.org>
Date: Wed, 14 Aug 2013 22:10:31 +0000
To: public-script-coord@w3.org
Message-ID: <bug-22346-3890-LtUZInCRTt@http.www.w3.org/Bugs/Public/>

Cameron McCormack <cam@mcc.id.au> changed:

           What    |Removed                     |Added
                 CC|                            |cam@mcc.id.au

--- Comment #11 from Cameron McCormack <cam@mcc.id.au> ---
(In reply to comment #10)
> What am I supposed to return? Or am I just supposed to throw if it fails,
> and do nothing if it passes? It doesn't look like you check the return value
> or handle exceptions (e.g. by aborting the calling algorithm) from this, but
> maybe I'm missing some general rule for interpreting WebIDL algorithms.

I documented my expectations of what you would do in the "perform a security
check" algorithm here:



So yes, throw an exception (SecurityError I suppose?) or return normally.  Web
IDL algorithms propagate exceptions unless explicitly caught.

You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 14 August 2013 22:10:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:17 UTC